#xss

### Summary If directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like `<img src=x onerror=alert(1)>.txt` will allow JavaScript code execution in the context of the web server’s domain. ### Details SWS generally does not perform escaping of HTML entities on any values inserted in the directory listing. At the very least `file_name` and `current_path` could contain malicious data however. `file_uri` could also be malicious but the relevant scenarios seem to be all caught by hyper. ### Impact For any web server that allow users to upload files or create directories under a name of their choosing this becomes a stored XSS vulnerability.

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browser are when it comes to executing unsafe JavaScript via HTML attributes. ### Impact If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. ```ruby a(href: user_profile) { "Profile" } ``` If you splat user-provided attributes when rendering any HTML or SVG tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. ```ruby h1(**JSON.parse(user_attributes)) ``` ### Patches Patches are [available on RubyGems](https://rubygems.org/gems/phlex) for all minor versions released in the last year. - [1.10.2](https://rubygems.org...

### Impact It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable, including: - /dcim/location-types/ - /dcim/locations/ - /dcim/racks/ - /dcim/rack-groups/ - /dcim/rack-reservations/ - /dcim/rack-elevations/ - /tenancy/tenants/ - /tenancy/tenant-groups/ - /extras/tags/ - /extras/statuses/ - /extras/roles/ - /extras/dynamic-groups/ - /dcim/devices/ - /dcim/platforms/ - /dcim/virtual-chassis/ - /dcim/device-redundancy-groups/ - /dcim/interface-redundancy-groups/ - /dcim/device-types/ - /dcim/manufacturers/ - /dcim/cables/ - /dcim/console-connections/ - /dcim/power-connections/ - /dcim/interface-connections/ - /dcim/interfaces/ - /dcim/front-ports/ - /dcim/rear-ports/ - /dcim/console-ports/ - /dcim/console-server-ports/ - /dcim/power-ports/ - /dc...

osCommerce version 4 suffers from a cross site scripting vulnerability. Original discovery of cross site scripting in this version is attributed to CraCkEr in November of 2023.

Red Hat Security Advisory 2024-2387-03 - An update for mod_jk and mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting and information leakage vulnerabilities.

Doctor Appointment Management System version 1.0 suffers from a cross site scripting vulnerability.

Red Hat Security Advisory 2024-1891-03 - Red Hat OpenShift Container Platform release 4.14.22 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include cross site scripting, denial of service, and traversal vulnerabilities.

Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL.

### Description: During the source Code Review of the metrics.erb view of the Sidekiq Web UI, A reflected XSS vulnerability is discovered. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the application. This vulnerability can be exploited to target the users of the application, and users of other applications deployed on the same domain or website as that of the Sidekiq website. Successful exploit results may result in compromise of user accounts and user data. ### Impact: The impact of this vulnerability can be severe. An attacker could exploit it to target users of the Sidekiq Web UI. Moreover, if other applications are deployed on the same domain or website as Sidekiq, users of those applications could also be affected, leading to a broader scope of compromise. Potentially compromising their accounts, forcing the users to perform sensitive actions, stealing sensitive data, perfor...

Ubuntu Security Notice 6751-1 - It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting attacks.