#xss

Failing to properly encode editor input, the search result view of indexed_search is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.

Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.

Sitefinity version 15.0 suffers from a persistent cross site scripting vulnerability.

### Impact Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: * A public web application allows users to create entities with arbitrary names. * Active Admin is used to administrate these entities through a private backend. * The form to edit these entities in the private backend has the following shape (note the dynamic `name` value dependent on an attribute of the `resource`): ```ruby form do |f| f.inputs name: resource.name do f.input :name f.input :description end f.actions end ``` Then a malicious user could create an entity with a payload that would get executed in the active admin administrator's browser. Both `form` blocks with an implicit or explicit name (i.e., both `form resource.name` or `form name: resource.name` would suffer from the problem), where the value of the name can be arbitrarily set by non admin users. ### ...

During the internal penetration testing of our product based on Yii2, we discovered an XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). ### Conditions for vulnerability reproduction * The framework is in debug mode (YII_DEBUG set to true). * The php.ini setting zend.exception_ignore_args is set to Off (default value). * An attacker induces an exception in the application, leading to a stack trace page being displayed. ### Vulnerability description The issue lies in the mechanism for displaying function argument values in the stack trace. The vulnerability manifests when an argument's value exceeds 32 characters. For convenience, argument values exceeding this limit are truncated and displayed with an added "...". The full argument value becomes visible when hovering over it with the mouse, as it is displayed in the title attribute of a span tag. However, the use of a double quote (") allows an attacker to break out of ...

ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.

Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.

Additional sanitizing was required when opening the equation editor to prevent a stored Cross-site Scripting (XSS) risk when editing another user's equation.

There is a cross-site scripting (XSS) issue in wanEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.

iMLog versions prior to 1.307 suffer from a persistent cross site scripting vulnerability.