Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.

**Cross-site Scripting in Semantic MediaWiki**

Moderate severity GitHub Reviewed Published Dec 10, 2023 to the GitHub Advisory Database • Updated Dec 11, 2023

GHSA-hj4c-vfc4-5f9c: Cross-site Scripting in Semantic MediaWiki

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

Additional navigation options

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Labels

bug

Occurrence of an unintended or unanticipated behaviour that causes a vulnerability or fatal error

CVE-2022-48614: Possible Reflected XSS vulnerability in Special:Ask · Issue #5262 · SemanticMediaWiki/SemanticMediaWiki

A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247343.

CVE-2023-6650

A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input <script>alert(5)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-247342 is the identifier assigned to this vulnerability.

CVE-2023-6649

A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product.

CVE-2023-6646

The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.

CVE-2023-28874: Seafile Community Edition - Seafile Admin Manual

An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor.

**usd-2022-0032 | Seafile 9.0.6 - Cross-Site Scripting**

**Advisory ID:** usd-2022-0032  
**Product:** Seafile  
**Affected Version:** 9.0.6  
**Vulnerability Type:** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)  
**Security Risk:** Medium  
**Vendor URL:** https://seafile.com  
**Vendor Status:** fixed  
**CVE number:**  requested

**Description**

The Seafile application allows to set up a self-hosted cloud storage system. It supports common functions such as synchronization of files between server and client, as well as group sharing.  
In addition to the basic functions, Seafile also provides it's users with a wiki and a discussion feature. The markdown editor, provided by the application, does not properly filter javscript URIs from the \`href\` attribute, which results in stored XSS.

**Proof of Concept**

The markdown editor allows an attacker to inject a javascript payload in the \*href\* attribute of the \*a\* tag.

The payload is executed if a user visits and clicks on the link on the wiki page (or the file somewhere else).

**Fix**

It is recommended to treat all input on the website as potentially dangerous.  
Hence, all output that is dynamically generated based on user-controlled data should be encoded according to its context.  
The majority of programming languages support standard procedures for encoding meta characters.

**References**

*   https://owasp.org/www-community/attacks/xss/
*   https://manual.seafile.com/changelog/server-changelog/#908-2022-09-07

**Timeline**

*   **2022-07-15:** First contact request via info@seafile.com
*   **2022-08-02:** Second contact request via info@seafile.com
*   **2022-08-11:** Third contact request via info@seafile.com and seafile@datamate.org
*   **2022-09-02:** Vendor reports vulnerability as fixed (usd-2022-0032). Second advisory still in triage(usd-2022-0033)
*   **2022-10-31:** Both advisories fixed in new release 9.0.7
*   **2023-02-14:** The advisory is published

**Credits**

This security vulnerability was found by Christian Pöschl of usd AG.

CVE-2023-28873: usd-2022-0032 - usd HeroLab

A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS).


%PDF-1.4 %���� 138 0 obj <> endobj xref 138 19 0000000016 00000 n 0000001293 00000 n 0000001507 00000 n 0000001809 00000 n 0000001949 00000 n 0000002535 00000 n 0000003257 00000 n 0000003397 00000 n 0000004137 00000 n 0000012888 00000 n 0000013081 00000 n 0000013549 00000 n 0000022741 00000 n 0000022930 00000 n 0000023525 00000 n 0000025495 00000 n 0000028977 00000 n 0000029197 00000 n 0000000676 00000 n trailer <\]/Prev 156319>> startxref 0 %%EOF 156 0 obj <>stream h�b\`\`\`b\`\`�b\`c\`\`���π��@QEGg����2�)ʚ:�u��-�'%WpN�l����ɀ5��o������j����򬱫VWռ��0�E\\�%�85�z(� ��i�� �)�zCe��ȉ.� ���� ��E��� ���a)@Ŧ���@�Y�B�b\*/4��\\�S�1�3tf�'�@��2���\]i�E<gn>\]��uh���f�t���P-W#gȷ�'L�M��KG�UH�VH�N� �W�K D˃:�F��9\]�A�3�z�X@j� �2�.;qy�sW7�,�RGGC(��h\`\`��P1A�0\`\`p��20 Jt��BCӠl���LBP����������r���2��\`.��d0�������R�@J�w<c�m -�\*������ ���r���� W����v0�ٕA�a�������L$f201j�p0.�X���\`���� h�H��L�i@Z����Hw20�'iF �\`���i endstream endobj 139 0 obj <>/Outlines 115 0 R/PageLayout/SinglePage/PageMode/UseNone/Pages 132 0 R/Type/Catalog/ViewerPreferences<>>> endobj 140 0 obj <>/MediaBox\[0 0 612 792\]/Parent 133 0 R/Resources<>/Font<>/XObject<>>>/Rotate 0/Type/Page>> endobj 141 0 obj <> endobj 142 0 obj <>stream x�\]�M��0���:���ĒV���r�MZzud9�8�!�����Ԑ<�������aWS\_n�V3�S������d��2Nն1�׷;a�vsU����}M��4ܪ���?����<ͻ����������i�KV\\��WV��y���iZͦb6}�t���L-�xz��4r���x��}�bZ�钪�&\_���/�������:��mbeӲH+��H����s��Xi7�+�R�J�@:��zH��� ���Rb���f\`���쥰�$Qވ@6����mY�\`5�R�,����AB�C �(B�@6�����o�������ra�q!9υh�+=r-+=2�+=2:�zdtH'���"+=2������J��>��0{߲���Ñ���Ñ���Ñ���Ñ���Ñ���Ñ��|I ��l����B4D��9.DC� �2�!jY0 ڱ2\`�&AgVL�"+&A=+&A������a'���y�� Ե˒7��I�\[��5NIW�|�\_�L�U�!O� endstream endobj 143 0 obj <>stream xڵ��n1���Oa!����Ok��V�T��� ���Â��\_0�n�I�T%�����g��x����\\\\�q\*Z�l�k�z�#F�쐣�b����{)~�����1d�lȃ����/yJkai�%�ζ9|�0���s����@P+c�#ьD\*#%l�u�SM@'߈�� )��w1�T�Y'�X��{u�U5\]\]�U?Tm\]}S��X�$3�� ���V�|$�t��t�|����\[��gձ�cB��E5���}����!��e\]�a3m�J���s|���0�Ge�N�\\�#��(�%tڇ�VP�u�j��\`�P������;�ilЖ��U�<�-�vY�8�\\����١ K�ODB�q̙���}1��9\`8h);���bkJ��X����QW;�^k���'�6�p�K��v="�sܵ����TF?\[X\*ЁKa�(�dK(\]�B鐲6J�YָS��ƙX��Ф5��=���.�8ǋ,����d�R�� ���\\D�g�4� �F�6�\`��)� tI 7=�a�㰬ʛ��f��S��4\[����M�p:�0<F|.�H��D\_

CVE-2020-25835

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.

**Cross-site Scripting in evershop**

Moderate severity GitHub Reviewed Published Dec 8, 2023 to the GitHub Advisory Database • Updated Dec 13, 2023

GHSA-2xcj-557c-hf8r: Cross-site Scripting in evershop

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx.

**Stay up to date with our newsletter!**

Your Email...

Tag

#xss