Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals.

Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store.

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint, which is accessible by an authenticated administrator user, is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to a path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying a sufficient number of `./` patterns to go out from the application webroot, followed by the path of the folder where the file is located in the `scriptPath` parameter and the file name in the `scripts` parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.

Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.

The affected package is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in the `meta` decorator from the package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of a sensitive nature would have to be stored as metadata before this can lead to a security impact. The issue has been patched in version `0.6.1`.

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process.

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1. and prior was not escaping titles for notes in the week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such a script could then be executed in the user's browser on subsequent requests to the week view. As a workaround, use `htmlspecialchars` when calling `$field->setTitle` on line #245 in the `week.php` file, as happens in version 1.

XWiki Platform is a generic wiki platform. Starting in version 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it is possible to execute javascript with the rights of any user by leading them to a special URL on the wiki targeting a page which contains an attachment. The easiest possible workaround is to edit the file `/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6f21ea61fe37e9e1ed97ef36f01.