enero 2020 – Página 7 – Javier García

MSA-20-0001: Stored XSS in message conversation overview

by Michael Hawkins. Messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored XSS.Severity/Risk:SeriousVersions affected:3.8Versions fixed:3.8.1Reported by:Cid da CostaWorkaround:Disable the messaging system until the patch has been applied.CVE identifier:CVE-2020-1691Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67637Tracker issue:MDL-67637 Stored XSS in message conversation overview More info: https://moodle.org/mod/forum/discuss.php?d=395953&parent=1596360

2J SlideShow < 1.3.40 – Authenticated Arbitrary Plugin Deactivation

More info: https://wpvulndb.com/vulnerabilities/10034

Contextual Adminbar Color < 0.3 – Authenticated Stored Cross-Site Scripting Issue

More info: https://wpvulndb.com/vulnerabilities/10033

Resim Ara <= 3.0 – Unauthenticated Reflected XSS

https://wpvulndb.com/vulnerabilities/10030 More info: https://wpvulndb.com/vulnerabilities/10030

Marketo Forms and Tracking <= 1.0.2 – CSRF to XSS

https://wpvulndb.com/vulnerabilities/10031 More info: https://wpvulndb.com/vulnerabilities/10031

Batch-Move Posts <= 1.5 – Broken Authentication leading to Unauthenticated Stored XSS

https://wpvulndb.com/vulnerabilities/10032 More info: https://wpvulndb.com/vulnerabilities/10032

DSA-4603 thunderbird – security update

Multiple security issues have been found in Thunderbird which couldpotentially result in the execution of arbitrary code or informationdisclosure. More info: https://www.debian.org/security/2020/dsa-4603

Batch-Move Posts <= 1.5 – Broken Authentication leading to Unauthenticated Stored XSS

More info: https://wpvulndb.com/vulnerabilities/10032

Marketo Forms and Tracking <= 1.0.2 – CSRF to XSS

More info: https://wpvulndb.com/vulnerabilities/10031

Marketo Forms and Tracking <= 1.0.2 – CSRF to XSS

More info: https://wpvulndb.com/vulnerabilities/10031

jQuery(document).ready(function ($) { var wgm_map = new google.maps.Map(document.getElementById("srm_gmp_embed_1"), { center: new google.maps.LatLng(40.19124029999999,-3.6740181999999777), zoom: 13, mapTypeId: google.maps.MapTypeId.ROADMAP, scrollwheel: true, zoomControl: true, mapTypeControl: true, streetViewControl: true, fullscreenControl: true, draggable: true, disableDoubleClickZoom: false, panControl: true }); var wgm_theme_json = null; if (wgm_theme_json && wgm_theme_json.length > 0) { try { wgm_map.setOptions({ styles: JSON.parse(wgm_theme_json) }); } catch (e) { console.error('Invalid map theme JSON:', e); } } // To view directions form and data var wgm_data_1 = { 'action': 'wpgmapembed_p_get_markers_by_map_id', _wgm_p_nonce: 'a6d1ad67a3', 'data': { map_id: '106' } }; var wgm_ajaxurl_1 = 'https://garsan.synology.me/wordpress/wp-admin/admin-ajax.php' jQuery.post(wgm_ajaxurl_1, wgm_data_1, function (response) { response = JSON.parse(response); if (response.markers.length === 1) { var wgm_marker_to_1 = response.markers[0].marker_desc; jQuery('#srm_gmap_to_1').val(wgm_marker_to_1.replace(/(]+)>)/gi, "")); } var wgm_default_marker_icon_1 = 'https://maps.gstatic.com/mapfiles/api-3/images/spotlight-poi2.png'; if (response.markers.length > 0) { var custom_markers = []; var custom_marker_infowindows = []; response.markers.forEach(function (wgm_marker, i) { var wgm_marker_lat_lng_1 = wgm_marker.lat_lng.split(','); wgm_custom_marker_1 = new google.maps.Marker({ position: new google.maps.LatLng(wgm_marker_lat_lng_1[0], wgm_marker_lat_lng_1[1]), title: wgm_marker.marker_name, animation: google.maps.Animation.DROP, icon: (wgm_marker.icon === '') ? wgm_default_marker_icon_1 : wgm_marker.icon }); custom_markers[i] = wgm_custom_marker_1; wgm_custom_marker_1.setMap(wgm_map); var wgm_marker_name_1 = (wgm_marker.marker_name !== null) ? ('' + wgm_marker.marker_name + '
') : ''; custom_marker_infowindow = new google.maps.InfoWindow({ content: wgm_marker_name_1 + wgm_marker.marker_desc }); custom_marker_infowindows[i] = custom_marker_infowindow; if (wgm_marker.show_desc_by_default === '1') { custom_marker_infowindow.open({ anchor: wgm_custom_marker_1, shouldFocus: false }); } else { google.maps.event.addListener(wgm_custom_marker_1, 'click', function () { custom_marker_infowindows[i].open({ anchor: custom_markers[i], shouldFocus: false }); }); } if (wgm_marker.have_marker_link === '1') { google.maps.event.addListener(wgm_custom_marker_1, 'click', function () { var wgm_target = '_self'; if (wgm_marker.marker_link_new_tab === '1') { wgm_target = '_blank'; } window.open(wgm_marker.marker_link, wgm_target); }); } }); } }); });

Translate »