Description: Summary
Jte HTML templates with script tags or script attributes that include a JavaScript template string (backticks) are subject to XSS.
Details
The javaScriptBlock and javaScriptAttribute methods in the Escape class do not escape backticks, which delimit JavaScript template strings. Dollar signs inside template strings should also be escaped, to prevent unintended interpolation.
PoC
Use the Jte Gradle Plugin with the following code in src/jte/xss.jte:

```html
@param String someMessage
<!DOCTYPE html>
<html lang="en">
<head>
<title>XSS Test</title>
<script>window.someVariable = `${someMessage}`;</script>
</head>
<body>
<h1>XSS Test</h1>
</body>
</html>
```
Use the following Java code to demonstrate the XSS vulnerability:

```java
final StringOutput output = new StringOutput();
JtexssGenerated.render(new OwaspHtmlTemplateOutput(output), null, "` + alert(`xss`) + `");
renderHtml(output);
```
Impact
HTML templates rendered by Jte's OwaspHtmlTemplateOutput in versions less than or equal to 3.1.15 with script tags or script attributes that contain JavaScript template strings (backticks) are vulnerable.
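As an added example (not jte's own code and not its actual fix), the following JavaScript implements the escaping rule the Details section calls for and a check that the PoC payload can no longer close the template string; `quoteOnlyEscape` is a constructed stand-in for the unpatched behaviour, and `renderScript` mirrors the template line from the PoC.

```javascript
// Added example, not jte's code: escape a value for use inside a JavaScript
// block, including template-literal delimiters. Besides quotes and backslashes
// it escapes the backtick, the dollar sign (which would otherwise open a
// "${...}" interpolation), line terminators and "<" (so an embedded
// "</script>" cannot close the surrounding script block).
function escapeJavaScriptBlock(value) {
  const map = {
    '\\': '\\\\', "'": "\\'", '"': '\\"', '`': '\\`', '$': '\\$',
    '\n': '\\n', '\r': '\\r', '\u2028': '\\u2028', '\u2029': '\\u2029',
    '<': '\\x3c',
  };
  return String(value).replace(/[\\'"`$\n\r\u2028\u2029<]/g, (ch) => map[ch]);
}

// Constructed stand-in for the pre-fix behaviour the advisory describes:
// quotes and backslashes are escaped, backticks and "$" are not.
function quoteOnlyEscape(value) {
  return String(value).replace(/[\\'"]/g, (ch) => '\\' + ch);
}

// Mirrors the template line from the PoC: window.someVariable = `${someMessage}`;
function renderScript(someMessage, escape) {
  return 'window.someVariable = `' + escape(someMessage) + '`;';
}

// Static check for an escaped value: does a backtick or "${" survive that is
// not protected by a preceding backslash? Tracks backslash parity so "\\`"
// (escaped backslash, then a live backtick) is still reported.
function hasUnescapedBreakout(escapedValue) {
  let escaped = false;
  for (let i = 0; i < escapedValue.length; i++) {
    const ch = escapedValue[i];
    if (escaped) { escaped = false; continue; }
    if (ch === '\\') { escaped = true; continue; }
    if (ch === '`') return true;
    if (ch === '$' && escapedValue[i + 1] === '{') return true;
  }
  return false;
}

// Round trip: evaluate only the hardened output as a template literal and
// confirm the page would see exactly the original string, nothing executed.
function roundTrip(value) {
  return new Function('return `' + escapeJavaScriptBlock(value) + '`;')();
}

// The payload from the advisory's PoC.
const PAYLOAD = '` + alert(`xss`) + `';
```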
References
https://github.com/casid/jte/security/advisories/GHSA-vh22-6c6h-rm8q
https://github.com/casid/jte/commit/a6fb00d53c7b8dbb86de933215dbe1b9191a57f1
https://github.com/advisories/GHSA-vh22-6c6h-rm8q
January 13th, 2025 (6 months ago)
Description: A security vulnerability has been identified that allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. Specifically, when configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing.
References
https://github.com/keycloak/keycloak/security/advisories/GHSA-f4v7-3mww-9gc2
https://github.com/keycloak/keycloak/commit/7a76858fe4aa39a39fb6b86dd3d2c113d9c59854
https://github.com/advisories/GHSA-f4v7-3mww-9gc2
January 13th, 2025 (6 months ago)
Description: A potential Denial of Service (DoS) vulnerability has been identified in Keycloak, which could allow an administrative user with the rights to change realm settings to disrupt the service. This is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that is already terminated, leading to a failure of said request.
If service disruption occurs, users will be unable to access applications relying on Keycloak, or any of the consoles provided by Keycloak itself, on the affected realm.
References
https://github.com/keycloak/keycloak/security/advisories/GHSA-w3g8-r9gw-qrh8
https://github.com/keycloak/keycloak/commit/93b2a7327b2557eb132a8169086c5e63c81dff79
https://github.com/advisories/GHSA-w3g8-r9gw-qrh8
January 13th, 2025 (6 months ago)
Description: Kim Dotcom Police Raid Video
January 13th, 2025 (6 months ago)
Description: Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. [...]
January 13th, 2025 (6 months ago)
Description: The Hellcat ransomware group has stolen roughly 5,000 documents, potentially containing confidential information, from the telecom giant's internal database.
January 13th, 2025 (6 months ago)
Description: RipperSec Targeted the Website of University of New South Wales
January 13th, 2025 (6 months ago)
Description: Syrian Electronic Army Claims to have Leaked the Data of Goldheart
January 13th, 2025 (6 months ago)