Threats Tagged 'cwe-79'

The ProfileGrid – User Profiles, Groups and Communities WordPress plugin is vulnerable to stored cross-site scripting (XSS) via the 'pm_author_message' parameter in the pm_send_message_to_author function. This vulnerability affects all versions up to and including 5.9.9.2 due to insufficient input sanitization and output escaping. Authenticated users with Subscriber-level access or higher can inject malicious scripts that execute when other users view the affected pages. A partial patch was introduced in version 5.9.8.5, but the vulnerability remains in later versions up to 5.9.9.2.

A reflected cross-site scripting (XSS) vulnerability exists in AKIN Software Computer Import Export Industry and Trade Ltd. e-Commerce product versions before 1.25.01.06. This vulnerability is due to improper neutralization of input during web page generation, allowing attackers to inject malicious scripts. The CVSS 3.1 base score is 6.1, indicating a medium severity level. No official patch or remediation guidance is currently available from the vendor.

Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a malicious SVG icon and achieve stored cross-site scripting (XSS) when a user navigates directly to the icon URL. On deployments using local storage, script execution occurs within the Open VSX application origin, enabling session hijacking, authentication token theft, and unauthorized extension publishing. On deployments backed by external storage (such as open-vsx.org with an S3-backed CDN), execution is confined to the storage origin, reducing impact but still permitting phishing attacks and credential harvesting through attacker-crafted pages.

The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoint before storing it as post meta and rendering it back on the admin File Manager listing, leading to a Stored Cross-Site Scripting vulnerability exploitable by users with Subscriber-level access and above against an administrator viewing the file management interface.

The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission.

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attacker could plant malicious HTML or JavaScript and achieve XSS that executes for users who view the form. This vulnerability is fixed in 3.3.53.

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the ImageColumn and ImageEntry components render raw database values without escaping HTML. Where the data passed to these components isn't validated, an attacker could plant malicious HTML or JavaScript and achieve stored XSS that executes for users who view the table or schema. This vulnerability is fixed in 4.11.5 and 5.6.5.

Fabric.js versions prior to 7.4.0 contain a Cross-Site Scripting (XSS) vulnerability in the toSVG() method. The vulnerability arises from improper escaping of user-controlled input in the color field of the colorStops array within fabric.Gradient objects during SVG serialization. This can allow an attacker to inject arbitrary HTML or SVG, potentially executing JavaScript in a victim's browser if the generated SVG is rendered into the DOM. The issue is fixed in version 7.4.0.

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.

Astro web framework versions prior to 6.4.6 contain a cross-site scripting (XSS) vulnerability in the spreadAttributes function used during server-side rendering. This function improperly escapes object keys when spreading attributes onto HTML elements, allowing untrusted input to inject arbitrary HTML attributes or elements. The vulnerability is fixed in version 6.4.6. The CVSS score is 4.2, indicating medium severity.