Tag
#xss
### Summary The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. ### Details Twisted’s `redirectTo` function generates an `HTTP 302 Redirect` response. The response contains an HTML body, built for exceptional cases where the browser doesn’t properly handle the redirect, allowing the user to click a link, navigating them to the specified destination. The function reflects the destination URL in the HTML body without any output encoding. ```python # https://github.com/twisted/twisted/blob/trunk/src/twisted/web/_template_util.py#L88 def redirectTo(URL: bytes, request: IRequest) -> bytes: # ---snip--- content = b""" <html> <head> <meta http-equiv=\"refresh\" content=\"0;URL=%(url)s\"> </head> <body bgcolor=\"#FFFFFF\" text=\"#000000\"> <a href=\"%(url)...
QuickJob version 6.1 suffers from an ignored default credential vulnerability.
Prison Management System version version 1.0 suffers from an ignored default credential vulnerability.
Pharmacy Management System version 1.0 suffers from an ignored default credential vulnerability.
Online Payment Hub System version 1.0 suffers from an ignored default credential vulnerability.
Innue Business Live Chat version 2.5 suffers from an ignored default credential vulnerability.
### Impact This XSS vulnerability is about the system configs * design/header/welcome * design/header/logo_src * design/header/logo_src_small * design/header/logo_alt They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases. But because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript. While this is in most usage scenarios not a relevant issue, some people work with more restrictive roles in the backend. Here the ability to inject JavaScript with these settings would be an unintended and unwanted privilege. ### Patches _Has the problem been patched? What versions should users upgrade to?_ The problem is patched with Version 20.10.1 or higher. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ Possible mitigations are * Restricting access to the System Configs * checking templates where these settings are u...
An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.
## usd-2024-0009 | Reflected XSS in Oveleon Cookiebar ### Details **Advisory ID**: usd-2024-0009 **Product**: Cookiebar **Affected Version**: 2.X **Vulnerability Type**: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') **Security Risk**: HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N **Vendor URL**: https://www.usd.de/ **CVE Number**: Not requested yet **CVE Link**: Not requested yet ### Affected Component The `block` function in `CookiebarController.php`. ### Desciption Oveleon's Cookiebar is an extension for the popular Contao CMS. The `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, thereby causing reflected XSS. ### Fix Sanitize the `locale` input to prevent XSS payloads from being executed in a user's browser. ### Timeline * **2024-04-24**: Vulnerability discovered by Daniel Ruppel of usd AG. * *...
Multi Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.