503 matches found
GitLab: XSS: `v-safe-html` is not safe enough
The v-safe-html directive uses DOMPurify to remove the 'data-remote', 'data-url', 'data-type', 'data-method' attributes from HTML tags. Rails-js relies on another attribute, data-disable-with, to show HTML content when a user clicks on a disabled link. For example, the following text will bypass the...
GitLab: Content injection in Jira issue title enabling sending arbitrary POST request as victim
Summary The issue described here leads to the same outcome as my previous report, https://hackerone.com/reports/1409788. So look into that one for further details on the JavaScript gadgets. Also see my report https://hackerone.com/reports/1481207 for a detailed rundown of injections in GitLab...
Server side request forgery in SwaggerUI
SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered...
Security update for nextcloud (important)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1253-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...
Security update for nextcloud (important)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1250-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...
Reflected Cross-Site Scripting
Overview There is an XSS vulnerability in affected versions of auth0-lock. Overview Versions before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's - flashMessage feature is utilized and user input or data from URL parameters is...
GHSA-JR3J-WHM4-9WWM Reflected XSS when using flashMessages or languageDictionary
Overview Versions before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's - flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage. - languageDictionary feature is utilized a...
Reflected XSS when using flashMessages or languageDictionary
Overview Versions before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's - flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage. - languageDictionary feature is utilized a...
Cross-Site Scripting
Overview Impact In highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. Especially when using the useHTML flag, HTML string options...
Options structure open to Cross-site Scripting if passed unfiltered
Impact In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. Especially when using the useHTML flag, HTML string options would be...
CVE-2021-29489
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The...
Design/Logic Flaw
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The...
CVE-2021-29489 Options structure open to XSS if passed unfiltered
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The...
Highcharts JS Cross-Site Scripting Vulnerability
Highcharts JS is an SVG-based JavaScript charting framework. DOMPurify is a DOM Document Object Model written in JavaScript for HTML, MathML and SVG. A cross-site scripting vulnerability exists in Highcharts JS, which can be exploited by an attacker to execute code in a browser...
BMD BMDWeb 2.0 Cross Site Scripting Vulnerability
title: Stored Cross Site Scripting Outdated software library; product: BMD BMDWeb 2.0; vulnerable version: BMD versions prior to 24.01.21; fixed version: 24.01.21 and 24.02.11 or higher; CVE number: -; impact: High; homepage:...
BMD BMDWeb 2.0 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory. title: Stored Cross Site Scripting Outdated software library; product: BMD BMDWeb 2.0; vulnerable version: BMD versions prior to 24.01.21; fixed version: 24.01.21 and 24.02.11 or...
The vulnerability of the DOMPurify library, related to the lack of protective measures for the structure of web pages, allows attackers to execute cross-site scripting attacks.
The vulnerability of the DOMPurify library is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow an attacker operating remotely to perform a cross-site scripting attack...
GitLab: Stored XSS in repository file viewer
Summary There exists XSS in the swagger-ui version used in the GitLab open API viewer. The XSS exists due to the old version of DOMPurify used in swagger-ui that allows an attacker to inject any HTML elements with any attributes except script tag on the page. The XSS in POC requires 1 click anywhere on...
Cross-Site Scripting
Overview Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. Recommendation Upgrade to version 2.0.17 or...