CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.
January 3rd, 2025 (6 months ago)
|
|
|
Description: Integrity Technology Group was found complicit with Flax Typhoon as part of a broader Chinese strategy to infiltrate the IT systems of US critical infrastructure.
January 3rd, 2025 (6 months ago)
|
|
|
Description: Live Unredacted Ransomware Feed (Pro Subscribers)
January 3rd, 2025 (6 months ago)
|
|
|
Description: Alleged Data Leak of Port of Seattle
January 3rd, 2025 (6 months ago)
|
|
|
Description: Cross-Site Scripting (XSS) vulnerability in custom properties
Product: Phpspreadsheet
Version: version 3.6.0
CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS vector v.3.1: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVSS vector v.4.0: 4.8 (AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)
Description: the HTML page is generated without clearing custom properties
Impact: executing arbitrary JavaScript code in the browser
Vulnerable component: class PhpOffice\PhpSpreadsheet\Writer\Html, method generateMeta
Exploitation conditions: a user viewing a specially generated Excel file
Mitigation: additional sanitization of special characters in a string
Researcher: Aleksey Solovev (Positive Technologies)
Research
The researcher discovered zero-day vulnerability Cross-Site Scripting (XSS) vulnerability in custom properties in Phpspreadsheet.
The following code is written on the server, which translates the XLSX file into a HTML representation and displays it in the response.
Listing 9. Source code on the server
<?php
require __DIR__ . '/vendor/autoload.php';
$inputFileName = './doc/Book1.xlsx';
$spreadsheet = \PhpOffice\PhpSpreadsheet\IOFactory::load($inputFileName);
$writer = new \PhpOffice\PhpSpreadsheet\Writer\Html($spreadsheet);
print($writer->generateHTMLAll());
An attacker can embed a payload in a file property that will result in the execution of arbitrary JavaScript code.
The Excel file is unpacked and a custom ...
January 3rd, 2025 (6 months ago)
|
|
|
Description: Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header
Product: Phpspreadsheet
Version: version 3.6.0
CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS vector v.3.1: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVSS vector v.4.0: 4.8 (AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)
Description: the HTML page is formed without sanitizing the hyperlink base
Impact: executing arbitrary JavaScript code in the browser
Vulnerable component: class PhpOffice\PhpSpreadsheet\Writer\Html, method generateHTMLHeader
Exploitation conditions: a user viewing a specially generated Excel file
Mitigation: additional sanitization of special characters in a string
Researcher: Aleksey Solovev (Positive Technologies)
Research
The researcher discovered zero-day vulnerability Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header in Phpspreadsheet.
The following code is written on the server, which translates the XLSX file into a HTML representation and displays it in the response.
Listing 8. Source code on the server
<?php
require __DIR__ . '/vendor/autoload.php';
$inputFileName = './doc/Book1.xlsx';
$spreadsheet = \PhpOffice\PhpSpreadsheet\IOFactory::load($inputFileName);
$writer = new \PhpOffice\PhpSpreadsheet\Writer\Html($spreadsheet);
print($writer->generateHTMLAll());
An attacker can embed a payload in a file property that will result in the execution of arbitrary J...
January 3rd, 2025 (6 months ago)
|
|
|
Description: Bypass XSS sanitizer using the javascript protocol and special characters
Product: Phpspreadsheet
Version: version 3.6.0
CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS vector v.3.1: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
CVSS vector v.4.0: 4.8 (AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)
Description: an attacker can use special characters, so that the library processes the javascript protocol with special characters and generates an HTML link
Impact: executing arbitrary JavaScript code in the browser
Vulnerable component: class PhpOffice\PhpSpreadsheet\Writer\Html, method generateRow
Exploitation conditions: a user viewing a specially generated Excel file
Mitigation: additional sanitization of special characters in a string
Researcher: Aleksey Solovev (Positive Technologies)
Research
The researcher discovered zero-day vulnerability Bypass XSS sanitizer using the javascript protocol and special characters in Phpspreadsheet.
The following code is written on the server, which translates the XLSX file into a HTML representation and displays it in the response.
Listing 6. Source code on the server
<?php
require __DIR__ . '/vendor/autoload.php';
$inputFileName = './doc/Book1.xlsx';
$spreadsheet = \PhpOffice\PhpSpreadsheet\IOFactory::load($inputFileName);
$writer = new \PhpOffice\PhpSpreadsheet\Writer\Html($spreadsheet);
print($writer->generateHTMLAll());
An attacker can use special characters so that th...
January 3rd, 2025 (6 months ago)
|
|
|
Description: The proposed settlement would amount to roughly $20 per Apple product that has Siri enabled, for each plaintiff.
January 3rd, 2025 (6 months ago)
|
|
|
Description: The Trix editor, versions prior to 2.1.11, is vulnerable to XSS when pasting malicious code in the link field.
Impact
An attacker could trick the user to copy&paste a malicious javascript: URL as a link that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed.
See https://gist.github.com/th4s1s/3921fd9c3e324ad9a3e0d846166e3eb8
Patches
Update Recommendation: Users should upgrade to Trix editor version 2.1.12 or later.
Workarounds
This is not really a workaround but something that should be considered in addition to upgrading to the patched version. If affected users can disallow browsers that don't support a Content Security Policy, then this would be an effective workaround for this and all XSS vulnerabilities. Set CSP policies such as script-src 'self' to ensure that only scripts hosted on the same origin are executed, and explicitly prohibit inline scripts using script-src-elem.
References
https://gist.github.com/th4s1s/3921fd9c3e324ad9a3e0d846166e3eb8
Credits
This vulnerability was reported by Hackerone researcher https://hackerone.com/lio346?type=user
References
https://github.com/basecamp/trix/security/advisories/GHSA-j386-3444-qgwg
https://github.com/basecamp/trix/commit/180c8d337f18e1569cea6ef29b4d03ffff5b5faa
https://github.com/basecamp/trix/commit/c4f0d6f80654603932af6685694f694e96593b93
https://gist.github.com/th4s1s/3921fd9c3e324ad9...
January 3rd, 2025 (6 months ago)
|
|
|
Description: Omnisci3nt: Unveiling the Hidden Layers of the Web – A Comprehensive Web Reconnaissance Tool
January 3rd, 2025 (6 months ago)
|