Tag

#xss

CVE-2023-30960: Palantir | Trust and Security Portal

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

CVE-2023-30956: Palantir | Trust and Security Portal

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.

CVE-2023-30963: Palantir | Trust and Security Portal

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.

GHSA-8c6x-g4fw-8rf4: Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats.

### Impact

A Cross-Site Scripting (XSS) vulnerability was found in the HTML output of chats. XSS is intended to be mitigated by Jinja's escape function. However, `autoescape=True` was missing when setting the environment. Although the actual impact is low, considering the HTML file is being viewed offline, an adversary may still be able to inject malicious payloads into the chat through WhatsApp. All users are affected.

### Patches

The vulnerability is patched in 0.9.5. All users are strongly advised to update the exporter to the latest version.

### Workarounds

No workaround is available. Please update the exporter to the latest version.

### References

* https://github.com/KnugiHK/WhatsApp-Chat-Exporter/commit/bfdc68cd6ad53ceecf132773f9aaba50dd80fe79
* https://owasp.org/www-community/attacks/xss/

GHSA-q9w4-w667-qqj4: ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor

### Problem

It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode.

### Solution

Update to version 1.17.11 of the `ckeditor-wordcount-plugin` plugin.

### Credits

* @sypets for reporting this finding to the TYPO3 Security Team
* @ohader for fixing the issue on behalf of the TYPO3 Security Team

CVE-2023-22835: Palantir | Trust and Security Portal

A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants. This defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.

CVE-2023-24488: Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488

Cross-site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross-site scripting.

GHSA-524r-w8fx-hqg3: TeamPass Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

CVE-2023-36936

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box.

CVE-2023-36939

Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field.