Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-40175: Merge pull request from GHSA-68xg-gqqm-vgj8 · puma/puma@690155e

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE
Open in Source
#vulnerability#web#ruby
CVE-2023-40037: Apache NiFi Security Reports

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.

GHSA-7954-6m9q-gpvf: XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message

### Impact Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This can be reproduced with the following steps: 1. Open the invitation application (Invitation.WebHome). 1. Set the subject to `{{cache}}{{groovy}}new File("/tmp/exploit.txt").withWriter { out -> out.println("Attacked from invitation!"); }{{/groovy}}{{/cache}}` 1. Click "Preview" ### Patches The vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. ### Workarounds The vulnerability can be patched manually by applying the [patch](https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591) on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`. ### References - https://jira.xwiki.org/browse/XWIKI-20421 - https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591 #...

GHSA-68xg-gqqm-vgj8: Puma HTTP Request/Response Smuggling vulnerability

### Impact Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The following vulnerabilities are addressed by this advisory: * Incorrect parsing of trailing fields in chunked transfer encoding bodies * Parsing of blank/zero-length Content-Length headers ### Patches The vulnerability has been fixed in 6.3.1 and 5.6.7. ### Workarounds No known workarounds. ### References [HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling) ### For more information If you have any questions or comments about this advisory: Open an issue in [Puma](https://github.com/puma/puma) See our [security policy](https://github.com/puma/puma/security/policy)

CVE-2023-38910: CVE/CVE-2023- at main · desencrypt/CVE

CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.

CVE-2023-38910: CVE/CVE-2023-38910/Readme.md at main · desencrypt/CVE

CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.

Patch now! Citrix Sharefile joins the list of actively exploited file sharing software

Categories: Exploits and vulnerabilities Categories: News Tags: Citrix Tags: ShareFile Tags: CVE-2023-24489 Tags: RCE Tags: unauthenticated Tags: vulnerability Tags: PoC Citrix ShareFile can be exploited remotely by unauthenticated attackers. (Read more...) The post Patch now! Citrix Sharefile joins the list of actively exploited file sharing software appeared first on Malwarebytes Labs.

CVE-2023-32122: WordPress Spiffy Calendar plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.

CVE-2023-32130: WordPress Multi Rating plugin <= 5.0.6 - Cross Site Scripting (XSS) - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.

CVE-2023-32109: WordPress Albo Pretorio On line plugin <= 4.6.3 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.