40826D

**Nome do Software Vulnerável e Versões Afetadas** absinthe plug versões 1.2.0 a 1.10.1 **Descrição** O cross-site scripting refletido é possível através da interface GraphiQL. A função `js escape/1` em `lib/absinthe/plug/graphiql.ex` não escapa barras invertidas ao processar o parâmetro GET `query` antes de incorporá-lo em uma string JavaScript inline. Um invasor pode burlar a filtragem de aspas simples e novas linhas prefixando uma aspa com uma barra invertida, permitindo a execução de JavaScript arbitrário no navegador da vítima. **Recomendações** Atualizar para a versão 1.10.2.

**Name of the Vulnerable Software and Affected Versions** X-WRT luci versions up to 22.10 b202303061504 **Description** A problematic issue has been found in the 404 Error Template Handler component, affecting the function `run action` of the file `modules/luci-base/ucode/dispatcher.uc`. The manipulation of the argument `request path` leads to cross-site scripting. The attack may be initiated remotely. **Recommendations** To address this issue, upgrade to version 22.10 b202303121313. As a temporary workaround, consider restricting access to the `run action` function of the `dispatcher.uc` file until the patch is applied. Additionally, avoid manipulating the `request path` argument in the affected component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Social Share, Social Login and Social Comments WordPress plugin versions prior to 7.13.52 **Description** The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitized and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators. The vulnerability exists due to inadequate protection of the web page structure, allowing a remote attacker to conduct cross-site scripting attacks. **Recommendations** For Social Share, Social Login and Social Comments WordPress plugin versions prior to 7.13.52, update to version 7.13.52 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation. Avoid using the vulnerable parameter in the affected page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Miniflux versions prior to 2.0.43 **Description** Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS COLLECTOR` configuration option is enabled and `METRICS ALLOWED NETWORKS` is set to `127.0.0.1/8` (the default). **Recommendations** For versions prior to 2.0.43, update to Miniflux 2.0.43 to resolve the issue. As a temporary workaround, set `METRICS COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy.

**Name of the Vulnerable Software and Affected Versions** Miniflux versions 2.0.25 through 2.0.42 **Description** The issue arises when Miniflux automatically proxies images served over HTTP to prevent mixed content errors. If an outbound request made by the Go HTTP client fails, the `html.ServerError` is returned unescaped without the expected Content Security Policy header. An attacker can create an RSS feed item with an `<img>` tag containing a `srcset` attribute pointing to an invalid URL, coercing the proxy handler into an error condition where the invalid URL is returned unescaped. This can lead to JavaScript execution on the Miniflux instance when a user opens the broken image, allowing the attacker to execute arbitrary JavaScript in the context of the victim user and potentially gain administrative access. **Recommendations** For Miniflux versions 2.0.25 through 2.0.42, update to version 2.0.43 to resolve the issue. As a temporary workaround, consider disabling the image proxy, with the default value set to `http-only`.

**Name of the Vulnerable Software and Affected Versions** Hasura GraphQL Engine versions prior to 1.3.4 Hasura GraphQL Engine versions prior to 2.55.1 Hasura GraphQL Engine versions prior to 2.20.1 Hasura GraphQL Engine versions prior to 2.21.0-beta1 **Description** A path traversal vulnerability has been discovered within Hasura GraphQL Engine. The vulnerability affects self-hosted Hasura projects with publicly exposed deployments that are not protected by a WAF or other HTTP protection layer. Projects running on Hasura Cloud are not vulnerable. **Recommendations** For versions prior to 1.3.4, upgrade to version 1.3.4 to receive a patch. For versions prior to 2.55.1, upgrade to version 2.55.1 to receive a patch. For versions prior to 2.20.1, upgrade to version 2.20.1 to receive a patch. For versions prior to 2.21.0-beta1, upgrade to version 2.21.0-beta1 to receive a patch.