#web

### Impact Due to the use of the [object destructuring assignment](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Destructuring_assignment) syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to arbitrarily execute javascript files on the local disk. ### Patches Patched in v2.8.7 ### Workarounds Site maintainers can cherry pick ec58700f6dff8e5b4af1544f6205ec362b593092 into their codebase to patch the exploit.

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PluginForage WooCommerce Product Categories Selection Widget plugin <= 2.0 versions.

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions.

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.

The financially motivated threat actors behind the Casbaneiro banking malware family have been observed making use of a User Account Control (UAC) bypass technique to gain full administrative privileges on a machine, a sign that the threat actor is evolving their tactics to avoid detection and execute malicious code on compromised assets. "They are still heavily focused on Latin American

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from adjacent network Vendor: Axis Communications Equipment: AXIS A1001 Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AXIS A1001, a network door controller, are affected: AXIS A1001: 1.65.4 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122 A heap-based buffer overflow vulnerability exists in the AXIS 1001 versions 1.65.4 and prior. When communicating over the Open Supervised Device Protocol (OSDP), the pacsiod process that handles the OSDP communication allows for writing outside of the allocated buffer. By appending invalid data to an OSDP message, it is possible to write data beyond the heap allocated buffer. The data written outside the buffer could allow an attacker to execute arbitrary code. CVE-2023-21406 has been assig...

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: IQ Wifi 6 Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to gain account access by conducting a brute force authentication attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls products are affected: IQ Wifi 6: All firmware versions prior to 2.0.2 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Restriction of Execssive Authentication Attempts CWE-307 In firmware versions prior to v2.0.2 of Johnson Controls IQ Wifi 6, an unauthorized user could gain account access by conducting a brute force authentication attack. CVE-2023-3548 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L). 3.3 BACKGROUND Critical Infrastructure Sectors: Critical Ma...

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports this vulnerability affects the following versions of ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software: ThinManager ThinServer: versions 13.0.0—13.0.2 and 13.1.0 3.2 VULNERABILITY OVERVIEW 3.2.1 Relative Path Traversal CWE-23 An executable used in the affected products can be configured to enable an API feature in the HTTPS server settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that could allow a remote actor to levera...