#xss

**Description:** XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display of Librenms versions 24.9.0, 24.10.0, and 24.10.1 ([https://github.com/librenms/librenms](https://github.com/librenms/librenms)) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. **Proof of Concept:** 1. Add a new device through the LibreNMS interface. 2. Edit the newly created device by going to the "Device Settings" section. 3. In the "Display Name" field, enter the following payload: `"><script>alert(1)</script>`.  4. Save the changes. 5. The XSS payload triggers when accessing the "/apps" path (if an application was previously added). ![Screenshot from...

# StoredXSS-LibreNMS-Display Name 2 **Description:** XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display of Librenms versions 24.11.0 ([https://github.com/librenms/librenms](https://github.com/librenms/librenms)) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. **Proof of Concept:** 1. Add a new device through the LibreNMS interface. 2. Edit the newly created device by going to the "Device Settings" section. 3. In the "Display Name" field, enter the following payload: `"><img src onerror="alert(document.cookie)">`.  4. Save the changes. 5. The XSS payload is triggered when navigating to the path /device/$DEVICE_ID/logs and hovering over a type contai...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 2.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial Edge Management Vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Industrial Edge Management OS (IEM-OS): All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE...

> [!IMPORTANT] > This vulnerability only affects sites which are in the "dev" environment mode. If your production website is in "dev" mode, it has been misconfigured, and you should immediately swap it to "live" mode. > See https://docs.silverstripe.org/en/developer_guides/debugging/environment_types/ for more information. If a website has been set to the "dev" environment mode, a URL can be provided which includes an XSS payload which will be executed in the resulting error message. ## References - https://www.silverstripe.org/download/security-releases/ss-2024-002 ## Reported by Gaurav Nayak from [Chaleit](https://chaleit.com/)

In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. ### References - https://www.silverstripe.org/download/security-releases/cve-2024-53277 ## Reported by Leo Diamat from [Bastion Security Group](http://www.bastionsecurity.co.nz/)

### Impact When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. ## References - https://www.silverstripe.org/download/security-releases/cve-2024-47605 ## Reported by James Nicoll from [Fujitsu Cyber Security Services](https://www.fujitsu.com/nz/services/security/)

### Impact A vulnerability has been identified within Rancher UI that allows a malicious actor to perform a Stored XSS attack through the cluster description field. Please consult the associated [MITRE ATT&CK - Technique - Drive-by Compromise](https://attack.mitre.org/techniques/T1189/) for further information about this category of attack. ### Patches The fix introduces new changes in the directives responsible for sanitizing HTML code before rendering. We replaced the `v-tooltip` directive with the `v-clean-tooltip` directive. Patched versions include releases `2.9.4` and `2.10.0`. ### Workarounds There are no workarounds for this issue. Users are recommended to upgrade, as soon as possible, to a version of /Rancher Manager which contains the fixes. ### Credits This issue was identified and reported by Bhavin Makwana from Workday’s Cyber Defence Team. ### For more information If you have any questions or comments about this advisory: - Reach out to the [SUSE Rancher Security...

A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.

Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects Mediawiki - DataTransfer Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation, EcoStruxure Power SCADA Operation 2020 Vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to tamper with folder names within the context of the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric EcoStruxure™ Power Monitoring Expert (PME) 2021: All versions prior to 2021 CU1 Schneider Electric EcoStruxure™ Power Monitoring Expert (PME) 2020: All versions prior to 2020 CU3 Schneider Electric EcoStruxure™ Power Operation (EPO) 2022: All versions prior to 2022 CU4 Schneider Electric EcoStruxure™ Power Operation (EPO) 2022 – Advanced Reporting and Dashboards Module: A...