Tag
#vulnerability
### Summary A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19. ### Details Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules: - If the string is an attribute value: - `"` -> `"` - `&` -> `&` - Other characters -> No conversion - Otherwise: - `<` -> `<` - `&` -> `&` - Other characters -> No conversion The assumption is that attributes will always stay as such, but in some situation the final DOM tree rendered on browsers is different from what Svelte expects on server-side rendering. This may be leveraged to perform XSS attacks. More specifically, this can occur when injecting malicious content into an attribute within a `<noscript>` tag. ### PoC A vulnerable page (`+page.svelte`): ```html <script> import { page } from "$app/stores" // user input let href = $page.url.searchParams.get("href") ?? "https://example.com"; </script> <noscript> <a href={href}...
Cacti versions prior to 1.2.27 suffer from an arbitrary file write vulnerability that allows for remote code execution.
Water Billing Management System version 1.0 suffers from a cross site request forgery that enables an arbitrary file upload.
Red Hat Security Advisory 2024-6054-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes security and bug fixes. Issues addressed include deserialization and memory exhaustion vulnerabilities.
Webpay E-Commerce version 1.0 suffers from a directory traversal vulnerability.
Red Hat Security Advisory 2024-6044-03 - Red Hat Advanced Cluster Management for Kubernetes 2.11.2 General Availability release images, which fix bugs and update container images. Issues addressed include a denial of service vulnerability.
SPIP version 4.2.6 suffers from a code execution vulnerability.
WordPress GetYourGuide Ticketing plugin version 1.0.6 suffers from a cross site scripting vulnerability.
WordPress SeatReg plugin version 1.54.0 suffers from an open redirection vulnerability.
WordPress WP Event Manager plugin version 3.1.44 suffers from a cross site scripting vulnerability.