#web

### Summary A DOM Clobbering vulnerability has been discovered in `layui` that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. It's worth noting that we’ve identifed similar issues in other popular client-side libraries like Webpack ([CVE-2024-43788](https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986)) and Vite ([CVE-2024-45812](https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3)), which might serve as valuable references. ### Backgrounds DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code snippet) living in the existing libraries to transform it into executable code. ### Impact This vulnerability can lead to cross-site scripting (XSS) on websites that uses ...

### Impact Insecure direct object reference allowing an attacker to disable subscriptions and reviews of another customer

ABB Cylon Aspect version 3.07.01 BMS/BAS controller is operating with default and hard-coded credentials contained in install package while exposed to the Internet.

Ubuntu Security Notice 7039-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Red Hat Security Advisory 2024-7164-03 - The Migration Toolkit for Containers 1.8.4 is now available. Issues addressed include denial of service and password leak vulnerabilities.

Ubuntu Security Notice 7036-1 - It was discovered that Rack was not properly parsing data when processing multipart POST requests. If a user or automated system were tricked into sending a specially crafted multipart POST request to an application using Rack, a remote attacker could possibly use this issue to cause a denial of service. It was discovered that Rack was not properly escaping untrusted data when performing logging operations, which could cause shell escaped sequences to be written to a terminal. If a user or automated system were tricked into sending a specially crafted request to an application using Rack, a remote attacker could possibly use this issue to execute arbitrary code in the machine running the application.

SchoolPlus version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

School Log Management System version 1.0 suffers from a PHP code injection vulnerability.

School Dormitory Management System version 1.0 suffers from an ignored default credential vulnerability.

Restaurant POS version 1.0 suffers from a remote SQL injection vulnerability.