Impact
It is possible to store JavaScript that will be executed by anyone viewing the history of an attachment whose file name contains JavaScript.
For example, attaching a file with the name ><img src=1 onerror=alert(1)>.jpg will execute the ale…
[parse-url] parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL’s protocol as ssh. It may also parse the host name incorrectly.
References
https://nvd.nist.gov/vuln/det…
[smarty/smarty] Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows cross-site scripting. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaSc…
[pimcore/pimcore] Pimcore vulnerable to stored Cross-site Scripting via `properties` when creating new users
Pimcore prior to 10.5.6 is vulnerable to stored cross-site scripting. This occurs when an attacker injects a payload when adding properties for a new user.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3211
https://github.com/pimcore/pimcore/co…
[topthink/framework] ThinkPHP deserialization vulnerability
ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. This vulnerability allows attackers to execute arbitrary code via a crafted payload.
References
https://nvd.nist.go…
[rdiffweb] rdiffweb CSRF vulnerability in profile’s SSH keys can lead to unauthorized access
rdiffweb prior to 2.4.3 is vulnerable to Cross-Site Request Forgery (CSRF). While adding SSH public keys to the profile, the server accepts the GET request, which results in adding an SSH public key to the profile and leads to unauthorized access to th…
[steal] steal vulnerable to Prototype Pollution via key variable in babel.js
Prototype pollution vulnerability in the function extend in babel.js in stealjs steal, via the key variable.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37266
https://github.com/stealjs/steal/issues/1535
https://github.com/stealjs/stea…
[steal] steal vulnerable to Prototype Pollution via requestedVersion variable
Prototype pollution vulnerability in the function convertLater in npm-convert.js in stealjs steal, via the requestedVersion variable.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37257
https://github.com/stealjs/steal/iss…
[steal] steal vulnerable to Prototype Pollution via optionName variable
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37264
https://github.com/stealjs/steal/issues/1533
https://github.com/stealjs/steal/blob/c9dd1eb19ed3…
[steal] steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal via the source and sourceWithComments variable in main.js.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37262
https://github.com/stealjs/steal/issues/1531
https://g…