Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-40175: Merge pull request from GHSA-68xg-gqqm-vgj8 · puma/puma@690155e

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE
Open in Source
#vulnerability#web#ruby
CVE-2023-40174: added session expiration · fobybus/social-media-skeleton@99738b2

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. Social media skeleton releases prior to 1.0.5 did not properly limit manage user session lifecycles. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2023-40172: Cross-Site Request Forgery (CSRF) in fobybus/social-media-skeleton

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has been addressed in version 1.0.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

GHSA-7954-6m9q-gpvf: XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message

### Impact Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: 1. Open the invitation application (Invitation.WebHome). 1. Set the subject to `{{cache}}{{groovy}}new File("/tmp/exploit.txt").withWriter { out -> out.println("Attacked from invitation!"); }{{/groovy}}{{/cache}}` 1. Click "Preview" ### Patches The vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. ### Workarounds The vulnerability can be patched manually by applying the [patch](https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591) on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`. ### References - https://jira.xwiki.org/browse/XWIKI-20421 - https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591 #...

GHSA-68xg-gqqm-vgj8: Puma HTTP Request/Response Smuggling vulnerability

### Impact Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The following vulnerabilities are addressed by this advisory: * Incorrect parsing of trailing fields in chunked transfer encoding bodies * Parsing of blank/zero-length Content-Length headers ### Patches The vulnerability has been fixed in 6.3.1 and 5.6.7. ### Workarounds No known workarounds. ### References [HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling) ### For more information If you have any questions or comments about this advisory: Open an issue in [Puma](https://github.com/puma/puma) See our [security policy](https://github.com/puma/puma/security/policy)

CVE-2023-38910: CVE/CVE-2023- at main · desencrypt/CVE

CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.

CVE-2023-38910: CVE/CVE-2023-38910/Readme.md at main · desencrypt/CVE

CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.

Patch now! Citrix Sharefile joins the list of actively exploited file sharing software

Categories: Exploits and vulnerabilities Categories: News Tags: Citrix Tags: ShareFile Tags: CVE-2023-24489 Tags: RCE Tags: unauthenticated Tags: vulnerability Tags: PoC Citrix ShareFile can be exploited remotely by unauthenticated attackers. (Read more...) The post Patch now! Citrix Sharefile joins the list of actively exploited file sharing software appeared first on Malwarebytes Labs.

CVE-2023-32122: WordPress Spiffy Calendar plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.

CVE-2023-32130: WordPress Multi Rating plugin <= 5.0.6 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.