#xss

Red Hat Security Advisory 2024-6656-03 - Migration Toolkit for Runtimes 1.2.7 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a cross site scripting vulnerability.

Webpay E-Commerce version 1.0 suffers from a cross site scripting vulnerability.

Beauty Parlour and Saloon Management System version 1.1 suffers from an insecure cooking handling vulnerability.

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.

3DSecure version 2.0 is vulnerable to form action hijacking via the threeDSMethodNotificationURL parameter. This flaw allows attackers to change the destination website for form submissions, enabling data theft.

Multiple reflected cross site scripting vulnerabilities in the 3DS Authorization Method of 3DSecure version 2.0 allow attackers to inject arbitrary web scripts via the threeDSMethodData parameter.

Multiple reflected cross site scripting vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure version 2.0. These flaws allow attackers to inject arbitrary web scripts, CSS, or HTML through the manipulation of the params parameter in the request URL.

3DSecure version 2.0 is vulnerable to cross site scripting in its 3DSMethod Authentication. This vulnerability allows remote attackers to hijack the form action and change the destination website via the params parameter, which is base64 encoded and improperly sanitized.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Runtime Vulnerability: Observable Response Discrepancy 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote attackers to distinguish between valid and invalid usernames. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Mendix Runtime, are affected: Mendix Runtime V8: All versions only if the basic authentication mechanism is used by the application Mendix Runtime V9: All versions prior to V9.24.26 only if the basic authentication mechanism is used by the application Mendix ...