As companies increasingly adopt MFA, cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway.

As companies increasingly require stronger versions of security for their employees and customers, attackers are getting better at bypassing multifactor authentication (MFA), resulting in a steady stream of compromises, such as this week's announcement of a data leak at cybersecurity firm LastPass and the announced breach at social media service Reddit earlier in February. 

While multiple ways exist to bypass the flawed security of two-factor authentication (2FA) that uses one-time passwords (OTPs) sent through short message service (SMS) texts, systems protected by push notifications or using hardware tokens are considered much harder to compromise. Yet attackers have landed on a trio of techniques to get around the additional security: MFA flooding, proxy attacks, and session hijacking — focused on the user, the network, and the browser, respectively. 

"Most of the time, attackers are getting around weaker forms of MFA, especially those that use SMS, \[but\] there are plenty of techniques attackers use to circumvent MFA, including MFA flooding, SIM-swapping, and attacker-in-the-middle attacks," says Matt Caulfield, CEO of Oort, an identity-security provider.  

    

MFA bypass attacks increased in 2020 (green) compared with previous years. Source: Okta

**MFA Flooding & Fatigue**

The first target for attackers is often the human behind the keyboard. Overall, 82% of breaches involved the "human element," and more than 80% of Web application breaches are attributed to the use of stolen credentials, according to Verizon's "2022 Data Breach Investigations Report (DBIR)." 

MFA flooding, where an attacker will repeatedly attempt to log in using stolen credentials to create a deluge of push notifications, aims at taking advantage of users' fatigue for security warnings. "Push notifications are a step up from SMS, but are susceptible to MFA flooding and MFA fatigue attacks, bombarding the victim with notifications in the hope they will click 'Allow' on one of them," Caulfield says. 

Another popular tactic — the account reset attack — aims to fool tech support into giving attackers control of a targeted account, an approach that led to the successful compromise of the developer Slack channel for Take-Two Interactive's Rockstar Games, the maker of the Grand Theft Auto franchise.

"An attacker will compromise a user’s credentials, and then pose as a vendor or IT employee and ask the user for a verification code or to approve an MFA prompt on their phone," says Jordan LaRose, practice director for infrastructure security at NCC Group. "Attackers will often use the information they’ve already compromised as part of the social engineering attack to lull users into a false sense of security."

**Session Hijacking & Pass-the-Cookie Attacks**

After a worker logs in to an online account or cloud service, a session cookie containing the user’s authentication credentials is typically set and remains active until the user ends the session by logging out. A common post-compromise tactic is for the attacker to harvest every cookie in the browser cache for potential use as a session hijack or pass-the-cookie attack. Malware such as Emotet has this functionality as a regular feature.

Other variants of this attack use cross-site scripting or malicious browser extensions to take control of a user's session after they pass the MFA barrier, says NCC Group's LaRose.

"The ultimate goal of this technique is to attack the user’s session indirectly, and therefore not interact with the stronger security controls in the login flow," he says.

**Proxy Attacks & AitM**

Finally, attackers can try to compromise infrastructure between the users device and a cloud service or online site. Using a compromised or malicious server to intercept requests from the user and destination server, a proxy attack — or adversary-in-the-middle (AitM) attack — allows cyberattackers to harvest the authentication mechanism in real time.

"This allows the attackers to bypass most available methods of MFA, since the user is providing the site, and the hacker, with both the username and password and additional authentication," Drew Trumbull, incident response team lead with the Information Security Office at the University of North Carolina, said in a review of the technique.

The technique may have contributed to the breach at LastPass, where "the threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA," according to the company's statement.

**Resetting the Matrix**

To defend against the latest attacks, companies should deploy phishing-resistant MFA, which consists of something you own, such as a hardware key, and something you are, such as a biometric. Common hardware key solutions, such as Yubikey, have made phishing-resistant MFA more easy to deploy, says NCC Group's LaRose.

Unfortunately, there are still hurdles for companies in adopting hardware keys, making it difficult to attain complete coverage, says Oort's Caulfield.

"Just the logistics of shipping hardware-based security keys to every employee and managing the process when they lose them can be a nightmare," he says. "Shipping laptops and security keys to contractors is even harder."

And with the increased overhead to manage the devices comes another in-road for attackers — resetting an account following a lost or stolen device. By pretending to be the victim, an attacker can claim to have lost a device, allowing them to enroll a new factor upon sign-in or act during a reset grace period, says Oort's Caulfield. 

"MFA resets are a massive challenge," he says. "It’s likely we’ll see attackers shifting from the factor as a weakness to the registration and reset process."

And indeed, rather than use a hardware token, workers and consumers are far more likely to subscribe to a security question or use a time-based OTP (TOTP) received through email or SMS. Nearly 80% of users polled at identity-provider Okta, for example, use email as a second factor — and nearly 40% have a TOTP pushed to them through an application — while only about 5% use a token or Yubikey, according to Oort's "2023 State of Identity Security" report. Users of Azure AD and Duo Security show similar preferences, the report noted, with security questions and SMS passcodes dominating enrollment numbers.

Cyberattackers Double Down on Bypassing MFA

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    *   Explore
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   *   For
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    *   By Solution
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    *   Case Studies
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    *   Repositories
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

CVE-2023-1117: optimized video thumbnail creation (#14472) · pimcore/pimcore@b9ba69f

@@ -123,9 +123,15 @@ pimcore.settings.email.blacklist = Class.create({ icon:"/bundles/pimcoreadmin/img/flat-color-icons/delete.svg", handler:function (grid, rowIndex) { let data \= grid.getStore().getAt(rowIndex); pimcore.helpers.deleteConfirm(t('email\_blacklist'), data.data.address, function () { grid.getStore().removeAt(rowIndex); }.bind(this)); const sanitizedEmail \= pimcore.helpers.sanitizeEmail(data.data.address);  
pimcore.helpers.deleteConfirm( t('email\_blacklist'), sanitizedEmail, function () { grid.getStore().removeAt(rowIndex); }.bind(this) ); }.bind(this) } \] @@ -185,8 +191,10 @@ pimcore.settings.email.blacklist = Class.create({ onAdd:function (btn, ev) { Ext.MessageBox.prompt("", t("email\_address"), function (button, value) { if(button \== "ok") { const sanitizedEmail \= pimcore.helpers.sanitizeEmail(value);  
var u \= { "address": value "address": sanitizedEmail };  
this.grid.store.insert(0, u);

CVE-2023-1116: [Task] Optimized blacklist email input (#14467) · pimcore/pimcore@f6d322e

CVE-2023-1115

A vulnerability was found in SourceCodester Simple Payroll System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=admin of the component POST Parameter Handler. The manipulation of the argument fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222073 was assigned to this vulnerability.

CVE-2023-1113

A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.

\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Aruba Product Security Advisory =============================== Advisory ID: ARUBA-PSA-2023-002 CVE: CVE-2021-3712, CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, CVE-2023-22750, CVE-2023-22751, CVE-2023-22752, CVE-2023-22753, CVE-2023-22754, CVE-2023-22755, CVE-2023-22756, CVE-2023-22757, CVE-2023-22758, CVE-2023-22759, CVE-2023-22760, CVE-2023-22761, CVE-2023-22762, CVE-2023-22763, CVE-2023-22764, CVE-2023-22765, CVE-2023-22766, CVE-2023-22767, CVE-2023-22768, CVE-2023-22769, CVE-2023-22770, CVE-2023-22771, CVE-2023-22772, CVE-2023-22773, CVE-2023-22774, CVE-2023-22775, CVE-2023-22776, CVE-2023-22777, CVE-2023-22778 Publication Date: 2023-Feb-28 Status: Confirmed Severity: Critical Revision: 1 Title ===== ArubaOS Multiple Vulnerabilities Overview ======== Aruba has released patches for ArubaOS that address multiple security vulnerabilities. Affected Products ================= - - - Aruba Mobility Conductor (formerly Mobility Master) - - - Aruba Mobility Controllers - - - WLAN Gateways and SD-WAN Gateways managed by Aruba Central Affected Software Versions: - ArubaOS 8.6.x.x: 8.6.0.19 and below - ArubaOS 8.10.x.x: 8.10.0.4 and below - ArubaOS 10.3.x.x: 10.3.1.0 and below - SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.8 and below Updating a branch of ArubaOS to the version listed in the Resolution section at the end of this advisory resolve all known issues with that branch. The following ArubaOS and SD-WAN software versions that are End of Life are affected by these vulnerabilities and are not patched by this advisory: - - - ArubaOS 6.5.4.x: all - - - ArubaOS 8.7.x.x: all - - - ArubaOS 8.8.x.x: all - - - ArubaOS 8.9.x.x: all - - - SD-WAN 8.6.0.4-2.2.x.x: all Details ======= Multiple Unauthenticated Command Injections in the PAPI Protocol (CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, CVE-2023-22750) --------------------------------------------------------------------- There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Internal References: ATLWL-250, ATLWL-316, ATLWL-317, ATLWL-318 Severity: Critical CVSSv3 Overall Score: 9.8 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Discovery: These vulnerabilities were discovered and reported by Erik de Jong (bugcrowd.com/erikdejong) via Aruba's Bug Bounty Program. Workaround: Enabling the Enhanced PAPI Security feature using a non-default key will prevent exploitation of this vulnerability. Please contact Aruba Support for any configuration assistance. Unauthenticated Stack-Based Buffer Overflow Vulnerabilities in the PAPI Protocol (CVE-2023-22751, CVE-2023-22752) --------------------------------------------------------------------- There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Internal Reference: ATLWL-252, ATLWL-331 Severity: Critical CVSSv3 Overall Score: 9.8 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Discovery: These vulnerabilities were discovered and reported by Erik de Jong (bugcrowd.com/erikdejong) via Aruba's Bug Bounty Program. Workaround: Enabling the Enhanced PAPI Security feature using a non-default key will prevent exploitation of this vulnerability. Please contact Aruba Support for any configuration assistance. Unauthenticated Buffer Overflow Vulnerabilities in ArubaOS Processes (CVE-2023-22753, CVE-2023-22754, CVE-2023-22755, CVE-2023-22756, CVE-2023-22757) --------------------------------------------------------------------- There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. Internal References: ATLWL-194, ATLWL-269 Severity: High CVSSv3 Overall Score: 8.1 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Discovery: These vulnerabilities were discovered and reported by Haoliang Lu. Resolved Versions: Please note that due the complexity of code changes involved it was not possible to backport changes for these specific vulnerabilities (CVE-2023-22753, CVE-2023-22754, CVE-2023-22755, CVE-2023-22756, CVE-2023-22757) to ArubaOS 8.6.x. Customers using firmware versions in the 8.6.x branch are urged to implement the workaround listed in this section or to upgrade to ArubaOS 8.10.x. Workaround: Enabling the Enhanced PAPI Security feature using a non-default key will prevent exploitation of this vulnerability. Please contact Aruba Support for any configuration assistance. Authenticated Read Buffer Overruns Processing ASN.1 Strings in ArubaOS (CVE-2021-3712) --------------------------------------------------------------------- A vulnerability exists which allows an authenticated attacker to access sensitive information via the ArubaOS web-based management interface. Successful exploitation allows an attacker to gain access to some data in a cleartext format exposing other network infrastructure to further compromise. Internal references: ATLWL-295 Severity: High CVSSv3.1 Overall Score: 7.4 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Discovery: This vulnerability was discovered and reported by Ingo Schwarze. Workaround: See the Workaround section at the end of this document. Authenticated Remote Command Execution in ArubaOS Web-based Management Interface (CVE-2023-22758, CVE-2023-22759, CVE-2023-22760, CVE-2023-22761) --------------------------------------------------------------------- Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS. Internal references: ATLWL-177, ATLWL-265, ATLWL-274, ATLWL-276 Severity: High CVSSv3 Overall Score: 7.2 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Discovery: These vulnerabilities were discovered and reported by Daniel Jensen (@dozernz), Erik de Jong (bugcrowd.com/erikdejong) and Nikita Abramov via Aruba's Bug Bounty Program. Workaround: Block access to the ArubaOS web-based management interface from all untrusted users. Authenticated Remote Command Execution in the ArubaOS Command Line Interface (CVE-2023-22762, CVE-2023-22763, CVE-2023-22764, CVE-2023-22765, CVE-2023-22766, CVE-2023-22767, CVE-2023-22768, CVE-2023-22769, CVE-2023-22770) --------------------------------------------------------------------- Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Internal Reference: ATLWL-103, ATLWL-203, ATLWL-206, ATLWL-221, ATLWL-227, ATLWL-229, ATLWL-240, ATLWL-314, ATLWL-319 Severity: High CVSSv3 Overall Score: 7.2 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Discovery: These vulnerabilities were discovered and reported by Erik de Jong (bugcrowd.com/erikdejong) and Daniel Jensen (@dozernz) via Aruba's bug bounty program. Workaround: See the Workaround section at the end of this document. Insufficient Session Expiration in ArubaOS Command Line Interface (CVE-2023-22771) --------------------------------------------------------------------- An insufficient session expiration vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability allows an attacker to keep a session running on an affected device after the removal of impacted account. Internal References: ATLWL-117 Severity: Medium CVSSv3 Overall Score: 6.8 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H Discovery: This vulnerability was discovered and reported by Mitchell Pompe of Netskope. Workaround: Block access to the ArubaOS command line interface from all untrusted users. Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion. (CVE-2023-22772) --------------------------------------------------------------------- An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. Internal References: ATLWL-277 Severity: Medium CVSSv3 Overall Score: 6.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H Discovery: This vulnerability was discovered and reported by Nikita Abramov via Aruba's Bug Bounty Program. Workaround: Block access to the ArubaOS web-based management interface from all untrusted users. Authenticated Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Deletion. (CVE-2023-22773, CVE-2023-22774) --------------------------------------------------------------------- Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system. Internal References: ATLWL-228, ATLWL-230 Severity: Medium CVSSv3 Overall Score: 6.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H Discovery: These vulnerabilities were discovered and reported by Erik de Jong (bugcrowd.com/erikdejong) via Aruba's Bug Bounty Program. Workaround: Block access to the ArubaOS command line interface from all untrusted users. Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface (CVE-2023-22775) --------------------------------------------------------------------- A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level. Internal Reference: ATLWL-121 Severity: Medium CVSSv3 Overall Score: 6.5 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Discovery: This vulnerability was discovered and reported by Erik De Jong (bugcrowd.com/erikdejong) via Aruba's Bug Bounty Program. Workaround: Block access to the ArubaOS command line interface from all untrusted users. Authenticated Remote Path Traversal in ArubaOS Command Line Interface Allows for Arbitrary File Read (CVE-2023-22776) --------------------------------------------------------------------- An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files. Internal references: ATLWL-127 Severity: Medium CVSSv3 Overall Score: 4.9 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Discovery: This vulnerability was discovered and reported by Nicholas Starke of Aruba Threat Labs. Workaround: Block access to the ArubaOS Command Line Interface from all untrusted users. Authenticated Information Disclosure in ArubaOS Web-based Management Interface (CVE-2023-22777) --------------------------------------------------------------------- An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system. Internal References: ATLWL-275 Severity: Medium CVSSv3 Overall Score: 4.9 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Discovery: This vulnerability was discovered and reported by Nikita Abramov via Aruba's Bug Bounty Program. Workaround: Block access to the ArubaOS web-based management interface from all untrusted users. Authenticated Stored Cross-Site Scripting (CVE-2023-22778) --------------------------------------------------------------------- A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. Internal Reference: ATLWL-32 Severity: Medium CVSSv3 Overall Score: 4.8 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Discovery: This vulnerability was discovered and reported by Phil Purviance (@superevr) via Aruba's Bug Bounty Program. Workaround: See the Workaround section at the end of this document. Resolution ========== PLEASE NOTE - To fully patch the unauthenticated buffer overflow vulnerabilities disclosed above customers must upgrade to the following versions: - ArubaOS 8.10.x.x: 8.10.0.5 and above - ArubaOS 8.11.x.x: 8.11.0.0 and above - ArubaOS 10.3.x.x: 10.3.1.1 and above - SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.9 and above Customers who choose to implement the workarounds listed in the Workaround section below should note that all other vulnerabilities listed in this document are addressed by the following versions: - ArubaOS 8.6.x.x: 8.6.0.20 and above - please note that not all issues are fixed in 8.6.x.x. See the Details section above for specific information - ArubaOS 8.10.x.x: 8.10.0.5 and above - ArubaOS 8.11.x.x: 8.11.0.0 and above - ArubaOS 10.3.x.x: 10.3.1.1 and above - SD-WAN 8.7.0.0-2.3.0.x: 8.7.0.0-2.3.0.9 and above Aruba does not evaluate or patch ArubaOS branches that have reached their End of Support (EoS) milestone. For more information about Aruba's End of Support policy visit: https://www.arubanetworks.com/support-services/end-of-life/ Workaround ========== To minimize the likelihood of an attacker exploiting these vulnerabilities, Aruba recommends that the communication between Controller/Gateways and Access-Points be restricted either by having a dedicated layer 2 segment/VLAN or, if Controller/Gateways and Access-Points cross layer 3 boundaries, to have firewall policies restricting the communication of these authorized devices. Enabling the Enhanced PAPI Security feature will prevent the PAPI-specific vulnerabilities above from being exploited Vulnerability specific workarounds are listed per vulnerability above. Please note that this advisory contains specific workarounds and patching instructions for critical security vulnerabilities. Contact Aruba Support for any configuration assistance. Exploitation and Public Discussion ================================== Aruba is not aware of any public discussion or exploit code that target these specific vulnerabilities as of the release date of the advisory. Revision History ================ Revision 1 / 2023-Feb-28 / Initial release Aruba SIRT Security Procedures ============================== Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at: https://www.arubanetworks.com/support-services/security-bulletins/ For reporting \*NEW\* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at: https://www.arubanetworks.com/support-services/security-bulletins/ (c) Copyright 2023 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information. -----BEGIN PGP SIGNATURE----- iQFLBAEBCAA1FiEEMd5pP5EnbG7Y0fo5mP4JykWFhtkFAmP1O7QXHHNpcnRAYXJ1 YmFuZXR3b3Jrcy5jb20ACgkQmP4JykWFhtma3wf/UaegXoxn4E/aljG9pIGUiCUt BqqZP1UrYE4kKfZOCjmapL550Cl5TmDN2PkAQiJNUHGjORM0xc/YxZiPe4gHJ93A vhtd4IZFT1ghTTuQiqddP+b+aZWRk9V+vvSoqih41vqNG9+XufPs1DGQ3ib2g7dU ILX9p3kdPM6jb8HPlB8CPzVtWDgyMT1Szx6zDBbCUm8rN9RM5o21GGFNP30Wd4mE 2tbDye2ca94mOMZKCH2N48zldjC5Ygyq1m33gpcARe/ai0kpg/rqZHrFi6l5PMKE R/eK/tzqjMIm+ObTafTaXnYGO2/uIkSyVUR5Xf+c9uNYq6v0hpkK9OsGyQd9Og== =bxQQ -----END PGP SIGNATURE-----

CVE-2023-22778

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script in the context of the affected interface or access sensitive, browser-based information.

*   When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
    
    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
    
    **Fixed Releases**
    
    At the time of publication, the release information in the following tables was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
    
    The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability that is described in this advisory and which release included the fix for this vulnerability.
    
    Cisco ISE Release
    
    First Fixed Release
    
    2.7 and earlier
    
    Not vulnerable
    
    3.1 and earlier
    
    Not vulnerable
    
    3.2
    
    3.2 P1
    
    For instructions on upgrading your device, see the Upgrade Guides located on the Cisco Identity Service Engine support page.
    
    The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

CVE-2023-20085: Cisco Security Advisory: Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

*   When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution.
    
    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
    
    **Fixed Releases**
    
    At the time of publication, the release information in the following tables was accurate. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.
    
    The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability that is described in this advisory and which release included the fix for this vulnerability.
    
    Cisco Nexus Dashboard Release
    
    First Fixed Release
    
    Earlier than 2.3(1c)
    
    2.3(1c)
    
    The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

CVE-2023-20053: Cisco Security Advisory: Cisco Nexus Dashboard Cross-Site Scripting Vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.

CVE-2023-1104: huntr – Security Bounties for any GitHub repository

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    *   Explore
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   *   For
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    *   By Solution
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    *   Case Studies
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    *   Repositories
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

Tag

#xss