A malicious content author could upload a GPX file with a JavaScript payload. The payload could then be executed by luring a legitimate user to view the file in a browser with support for GPX files. GPX is an XML-based format used to store GPS data.
By…
[silverstripe/admin] URL XSS vulnerability due to outdated jquery in CMS
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3).
References
https://nvd.nist.gov/vuln/detail/CVE-2022-38146
https://forum.silverstripe.org/c/releases
https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstri…
[engine.io] Uncaught exception in engine.io
Impact
A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process.
events.js:292
throw er; // Unhandled 'error' event
^
Error: read ECONNRESET
at TCP.onStreamRead (inter…
[org.xwiki.platform:xwiki-platform-rest-server] Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server
Impact
The modifications rest endpoint does not filter out entries according to the user’s rights.
Therefore, information hidden from unauthorized users is exposed through the modifications rest endpoint (e.g., comments, page names…).
Patches
Users …
[org.xwiki.platform:xwiki-platform-livetable-ui] Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui
Impact
Users without the right to view documents can deduce their existence by repeated Livetable queries.
Reproduction steps
Restrict “view” access to Sandbox.TestPage3 by setting an explicit view right for admins
As a user who is not an admin, open &…
[org.xwiki.platform:xwiki-platform-security-authentication-default] Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
Impact
We discovered that when the reset-forgotten-password feature of XWiki was used, the password was then stored in plain text in the database. This only concerns XWiki 13.1RC1 and later versions.
Note that it only concerns the reset password feature a…
[org.xwiki.platform:xwiki-platform-oldcore] Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
Impact
It’s possible for a user with only Script rights to enable or disable a user: this operation should only be possible for users with admin rights.
Patches
This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1.
Workarounds
There is no …
[fastify] Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Impact
The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch() requests with Content-Type’s essence as “application/x-www-form-urlencoded”, “multipart/form-data”, or “text/plain”, could potentially be used to…
[tensorflow-cpu] Invalid char to bool conversion when printing a tensor
Impact
When printing a tensor, we get its data as a const char* array (since that’s the underlying storage) and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzz…
[kiwitcms] Cross-site Scripting in kiwitcms
A stored XSS in a kiwi Test Plan can run malicious JavaScript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.
References
https://nvd.nist….