Security
Headlines
HeadlinesLatestCVEs

Tag

#php

GHSA-62r2-gcxr-426x: starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field

### Summary A user with the `editmyprivateinfo` right or who can otherwise change their name can XSS themselves by setting their "real name" to an XSS payload. ### Details Here's the offending line: https://github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/d45c3d69f30863f622f16eb40dd41d3ca943454a/includes/Components/CitizenComponentUserInfo.php#L137 This was introduced in 717d16af35b10dab04d434aefddbf991fc8c168c ### PoC 1. Login 2. Go to Special:Preferences 3. Set the real name field to a string like `<script>alert("Admin with a propensity for self-XSSes")</script>` 4. Save your settings and use Citizen if it's not being used already ![](https://github.com/user-attachments/assets/22adbb70-fcd7-4f81-8e53-1f5f3a730270) ### Impact Any user who can change their name (whether it's through the editmyprivateinfo right or through other means) can add XSS payloads that trigger for themselves only.

ghsa
Open in Source
#xss#vulnerability#web#git#php#auth
GHSA-h5q3-fjp4-2x7r: MantisBT vulnerable to information disclosure with user profiles

Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. ### Impact Disclosure of private system profiles: Platform, OS, OS version, Description. ### Patches Work in progress ### Workarounds None ### References https://mantisbt.org/bugs/view.php?id=34640

Student Enrollment 1.0 Arbitrary File Upload

Student Enrollment version 1.0 suffers from an arbitrary file upload vulnerability.

Sistem Penyewaan Baju atau Pakaian Berbasis Web 1.0 SQL Injection

Sistem Penyewaan Baju atau Pakaian Berbasis Web version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Simple Student Quarterly Result / Grade System 1.0 Insecure Settings

Simple Student Quarterly Result / Grade System version 1.0 suffers from an ignored default credential vulnerability.

Simple Responsive Tourism Website 1.0 Cross Site Request Forgery

Simple Responsive Tourism Website version 1.0 suffers from a cross site request forgery vulnerability.

Simple Music Management System 1.0 Add Administrator / Cross Site Request Forgery

Simple Music Management System version 1.0 suffers from add administrator and cross site request forgery vulnerabilities.

Sample Blog Site 1.0 Cross Site Scripting / Remote File Inclusion

Sample Blog Site version 1.0 suffers from cross site scripting and remote file inclusion vulnerabilities.

GHSA-9h9q-qhxg-89xr: Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting

### Summary If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to Cross-site Scripting (XSS) attack against a user who opens a page on which a color column or entry is rendered. Versions of Filament from v3.0.0 through v3.2.114 are affected. Please upgrade to Filament [v3.2.115](https://github.com/filamentphp/filament/releases/tag/v3.2.115). ### PoC > *PoC will be published in a few weeks, once developers have had a chance to upgrade their apps.* ### Response This vulnerability (in `ColorColumn` only) was reported by @sv-LayZ, who reported the issue and patched the issue during the evening of 25/09/2024. Thank you Mattis. The review process concluded on 27/09/2024, which revealed the issue was also present in `ColorEntry`. This was fixed the same day and Filament [v3.2.115](https://github.com/filamentphp/filament/releases/tag/v3.2.115) followed. > *An explanation of the fix will be published ...