Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

GHSA-xjfw-5vv5-vjq2: Cross-site Scripting in Filter Stream Converter Application in XWiki Platform

### Impact We found a possible XSS vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. ### Patches The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. ### Workarounds The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) and change the lines ``` <input type="text" id="$descriptorId" name="$descriptorId" value="#if($request.get($descriptorId))$request.get($descriptorId)#else$descriptor.defaultValue#end"/> #else <input type="text" id="$descriptorId" name="$descriptorId"#if($request.get($descriptorId))value="$request.get($descriptorId)"#end/> ``` into ``` <input type="text" id="$descriptorId" name="$descriptorId" value="#if($request.get($descriptorId))$escapetool.xml($request.get($descriptorId))#else$descriptor.defaultValue#end"/> #else <input type="text" id="$descrip...

ghsa
Open in Source
#xss#jira
Ubuntu Security Notice USN-5457-1

Ubuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

CVE-2021-27914

A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript

CVE-2021-27778: Knowledge Article View HCL - Customer Support

HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.

CVE-2022-1808: fix(core): verify user exists · polonel/trudesk@f739eac

Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3.

Red Hat Security Advisory 2022-2280-01

Red Hat Security Advisory 2022-2280-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.705. Issues addressed include cross site scripting and denial of service vulnerabilities.

CVE-2022-29258: [XWIKI-19293] XSS in Filter Stream Converter Application

XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory.

Fast Food Ordering System 1.0 Cross Site Scripting

Fast Food Ordering System version 1.0 suffers from a persistent cross site scripting vulnerability.