Tag
#xss
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions.
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions.
1. EXECUTIVE SUMMARY

* CVSS v3 6.5
* ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
* Vendor: Scada-LTS
* Equipment: Scada-LTS
* Vulnerability: Cross-site Scripting

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow loss of sensitive information and execution of arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Scada-LTS, an open-source HMI, are affected:

* Scada-LTS Versions 2.7.4 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79

Scada-LTS versions 2.7.4 and prior are vulnerable to cross-site scripting. This could allow a remote attacker to craft malicious URLs that may execute arbitrary code in an authenticated user’s browser and print sensitive information.

CVE-2015-1179 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/...
### Impact

Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. In earlier versions there is no control over what kinds of files can be uploaded. Thus a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer or attempting XSS attacks. Stored XSS attacks via file uploads have been fixed in earlier versions of Kiwi TCMS, see [GHSA-2wcr-87wf-cf9j](https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-2wcr-87wf-cf9j). This advisory deals with prohibiting users from uploading potentially compromised files in the first place.

### Patches

Kiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` files are denied. Other files containing the `<script>` tag, regardless of their t...
### Impact

Frederic Linn (@FredericLinn) has reported a series of vulnerabilities that can result in directory traversal, file write, and potential remote code execution on Jellyfin instances. The general process involves chaining several exploits including a stored XSS vulnerability and can be used by an unprivileged user. The general process is (using the example of setting an intro video as the payload):

* Create a session as a low-privileged user with a crafted authorization header
* Upload an executable that contains a malicious plugin inline via /ClientLog/Document
* (Admin hovers over our device in dashboard -> XSS payload gets triggered)
* XSS Payload tries to set encoder path to our uploaded "log" file via /System/MediaEncoder/Path
* The request fails, but in the process our executable actually runs (I guess for verifying if the path points to a valid ffmpeg version)
* The executable will create a plugin folder and place the inlined plugin DLL inside it
* The XSS payload sh...
In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.
jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who's running it. This issue is patched in version 10.8.10. There are no known workarounds.
Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds.
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admins.