Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-62cx-5xj4-wfm4: ggit is vulnerable to Command Injection via the fetchTags(branch) API

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API.

ghsa
#vulnerability#web#nodejs#js#git#auth
ABB Cylon Aspect 3.08.01 (calendarFileDelete.php) Arbitrary File Deletion

The BMS/BAS controller suffers from an arbitrary file deletion vulnerability. Input passed to the 'file' parameter in calendarFileDelete.php is not properly sanitised before being used to delete calendar files. This can be exploited by an unauthenticated attacker to delete files with the permissions of the web server using directory traversal sequences passed within the affected POST parameter.

Comcast and Truist Bank customers impacted by debt collector’s breach

A data breach at a US debt collection agency has led to the loss of data of some Comcast and Truist Bank customers.

GHSA-c7xm-rwqj-pgcj: LimeSurvey Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.

GHSA-74q2-6jp4-3rqq: Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name

Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in `/admin/contacts/organizations/edit/2`.

GHSA-632q-77qj-c89q: LimeSurvey Cross Site Scripting vulnerability

Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.

Large scale Google Ads campaign targets utility software

Malicious Google sponsored results disguised as software downloads lead to malware.

Malicious Chrome Extensions Skate Past Google's Updated Security

Google's Manifest V3 offers better privacy and security controls for browser extensions than the previous M2, but too many lax permissions and gaps remain.

GHSA-r8w8-74ww-j4wh: PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks

### Summary `\PhpOffice\PhpSpreadsheet\Writer\Html` does not sanitize "javascript:" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. ### PoC Example target script: ``` <?php require 'vendor/autoload.php'; $reader = \PhpOffice\PhpSpreadsheet\IOFactory::createReader("Xlsx"); $spreadsheet = $reader->load(__DIR__ . '/book.xlsx'); $writer = new \PhpOffice\PhpSpreadsheet\Writer\Html($spreadsheet); print($writer->generateHTMLAll()); ``` Save this file in the same directory: [book.xlsx](https://github.com/PHPOffice/PhpSpreadsheet/files/15099763/book.xlsx) Open index.php in a web browser and click on both links. The first demonstrates the vulnerability in a regular hyperlink and the second in a HYPERLINK() formula.

GHSA-5gpr-w2p5-6m37: PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file

### Summary It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from [GHSA-w9xv-qf98-ccq4](https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-w9xv-qf98-ccq4), and resides in a different component. ### Details When an XLSX file is opened, the XLSX reader calls `setPath()` with the path provided in the `xl/drawings/_rels/drawing1.xml.rels` file in the XLSX archive: ```php if (isset($images[$embedImageKey])) { // ...omit irrelevant code... } else { $linkImageKey = (string) self::getArrayItem( $blip->attributes('http://schemas.openxmlformats.org/officeDocument/2006/relationships'), 'link' ); if (isset($images[$linkImag...