Tag
#xss
### Impact This vulnerability allows an attacker who controls content on the target site, or on a subdomain of the target site (either via XSS, or otherwise) to bypass Cross-Site Request Forgery checks and issue requests on user's behalf. ### Details Due to misuse of the Go `net/http` library, nosurf categorizes all incoming requests as plain-text HTTP requests, in which case the `Referer` header is not checked to have the same origin as the target webpage. If the attacker has control over HTML contents on either the target website (e.g. `example.com`), or on a website hosted on a subdomain of the target (e.g. `attacker.example.com`), they will also be able to manipulate cookies set for the target website. By acquiring the secret CSRF token from the cookie, or overriding the cookie with a new token known to the attacker, `attacker.example.com` is able to craft cross-site requests to `example.com`. ### Patches A patch for the issue was released in nosurf 1.2.0. ### Workarounds ...
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
### Impact The Trix editor, in versions prior to 2.1.15, is vulnerable to XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. ### Patches Update Recommendation: Users should upgrade to Trix editor version 2.1.15 or later. ### References The XSS vulnerability was reported by HackerOne researcher [hiumee](https://hackerone.com/hiumee?type=user).
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Validation of Specified Index, Position, or Offset in Input 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute cross-site scripting or trigger a denial-of-service condition on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports the following products are affected: RTU500 series: Versions 12.0.1 to 12.0.14 RTU500 series: Versions 12.2.1 to 12.2.11 RTU500 series: Versions 12.4.1 to 12.4.11 RTU500 series: Versions 12.6.1 to 12.6.9 RTU500 series: Versions 12.7.1 to 12.7.6 RTU500 series: Versions 13.2.1 to 13.2.6 RTU500 series: Versions 13.4.1 to 13.4.3 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Neutralization of Input During Web Page Generation ('Cross-...
Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components
### Impact Two minor vulnerabilities were identified in the Graylog2 enterprise server, which can be combined to carry out a stored cross-site scripting attack. An attacker with the permission `FILES_CREATE` can exploit these vulnerabilities to upload arbitrary Javascript code to the Graylog2 server, which - upon requesting of the file by a user of the API browser - results in the execution of this Javascript code in the context of the Graylog frontend application. This enables the attacker to carry out authenticated API requests with the permissions of the logged-in user, thereby taking over the user session. ### Patches The generic API has been removed in 6.2.0 rendering the attack vector unreachable and additional escaping has been added. Analysis provided by Fabian Yamaguchi - Whirly Labs (Pty) Ltd
A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities. ### Impact Cross-site scripting (XSS) vulnerability in the management console. ### Patches Fixed in [HAL 3.7.11.Final](https://github.com/hal/console/releases/tag/v3.7.11) ### Workarounds No workaround available
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the modules/apps/marketplace/marketplace-app-manager-web.
Cross-Site Scripting (XSS) vulnerability exists in Mezzanine CMS 6.0.0 in the "View Entries" feature within the Forms module.
### Summary Cross-site scripting (XSS) vulnerability in the [Attributes extension](https://commonmark.thephpleague.com/extensions/attributes/) of the league/commonmark library (versions 1.5.0 through 2.6.x) allows remote attackers to insert malicious JavaScript calls into HTML. ### Details The league/commonmark library provides configuration options such as `html_input: 'strip'` and `allow_unsafe_links: false` to mitigate cross-site scripting (XSS) attacks by stripping raw HTML and disallowing unsafe links. However, when the Attributes Extension is enabled, it introduces a way for users to inject arbitrary HTML attributes into elements via Markdown syntax using curly braces. As a result, even with the secure configuration shown above, an attacker can inject dangerous attributes into applications using this extension via a payload such as: ```md ![](){onerror=alert(1)} ``` Which results in the following HTML: ```html <p><img onerror="alert(1)" src="" alt="" /></p> ``` Which cause...