Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

Debian Security Advisory 5762-1

Debian Linux Security Advisory 5762-1 - The WebKitGTK web engine suffers from multiple vulnerabilities. An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. More issues are listed in this advisory.

Packet Storm
Open in Source
#xss#vulnerability#web#linux#debian#js#auth#webkit
GHSA-8266-84wp-wv5c: Svelte has a potential mXSS vulnerability due to improper HTML escaping

### Summary A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19. ### Details Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules: - If the string is an attribute value: - `"` -> `&quot;` - `&` -> `&amp;` - Other characters -> No conversion - Otherwise: - `<` -> `&lt;` - `&` -> `&amp;` - Other characters -> No conversion The assumption is that attributes will always stay as such, but in some situation the final DOM tree rendered on browsers is different from what Svelte expects on server-side rendering. This may be leveraged to perform XSS attacks. More specifically, this can occur when injecting malicious content into an attribute within a `<noscript>` tag. ### PoC A vulnerable page (`+page.svelte`): ```html <script> import { page } from "$app/stores" // user input let href = $page.url.searchParams.get("href") ?? "https://example.com"; </script> <noscript> <a href={href}...

WordPress GetYourGuide Ticketing 1.0.6 Cross Site Scripting

WordPress GetYourGuide Ticketing plugin version 1.0.6 suffers from a cross site scripting vulnerability.

WordPress WP Event Manager 3.1.44 Cross Site Scripting

WordPress WP Event Manager plugin version 3.1.44 suffers from a cross site scripting vulnerability.

GHSA-wgmf-q9vr-vww6: PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information

### Summary `\PhpOffice\PhpSpreadsheet\Writer\Html` doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. ### PoC Example target script: ``` <?php require 'vendor/autoload.php'; $reader = \PhpOffice\PhpSpreadsheet\IOFactory::createReader("Xlsx"); $spreadsheet = $reader->load(__DIR__ . '/book.xlsx'); $writer = new \PhpOffice\PhpSpreadsheet\Writer\Html($spreadsheet); print($writer->generateHTMLAll()); ``` Save this file in the same directory: [book.xlsx](https://github.com/PHPOffice/PhpSpreadsheet/files/15212797/book.xlsx) Open index.php in a web browser. An alert should be displayed. ### Impact Full takeover of the session of users viewing spreadsheet files as HTML.

vTiger CRM 7.4.0 Cross Site Scripting

vTiger CRM version 7.4.0 suffers from multiple reflective cross site scripting vulnerabilities.

Gitea 1.22.0 Cross Site Scripting

Gitea version 1.22.0 suffers from a cross site scripting vulnerability.

Notemark 0.13.0 Cross Site Scripting

Notemark versions 0.13.0 and below suffer from a cross site scripting vulnerability.