#xss

### Impact Gotify exposes an outdated instance of the [Swagger UI](https://swagger.io/tools/swagger-ui/) API documentation frontend at `/docs` which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a [rendering XSS](https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/) incorporating the mutation payload detailed in [CVE-2020-26870](https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/) which was patched in 2021. This is further tracked in the GitHub Advisory Database as GHSA-QRMM-W75W-3WPX. An attacker can execute arbitrary JavaScript and potentially take over the account of the user that clicked the link. Keep in mind, the Gotify UI won't natively expose such a malicious link, so an attacker has to get the user to open the malicious link in a context outside of Gotify. ### Patches The vu...

An issue was discovered in EasyVista 2020.2.125.3 before 2022.1.110.1.02. It is prone to stored Cross-site Scripting (XSS).

The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.

The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is occurring because 'sanitize_text_field' is insufficient to prevent attribute-based Cross-Site Scripting

Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

MOV.AI Robotics Engine version 2.2.3-3 suffers from multiple cross site scripting vulnerabilities.

A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link.

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.

tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes.