Aaron Bishop

**Nome do software vulnerável e versões afetadas: Versões do TinyMCE anteriores à 5.6.0 Descrição: Foi descoberta uma vulnerabilidade de cross-site scripting armazenada na lógica de sanitização de URLs do analisador principal, permitindo a execução arbitrária de JavaScript ao inserir conteúdo especialmente criado no editor. Isso afeta todos os usuários que utilizam o TinyMCE 5.5.1 ou versões anteriores. Um invasor remoto e não autenticado poderia inserir HTML malicioso no editor, resultando na execução arbitrária de JavaScript no navegador de outro usuário. Recomendações: Para resolver o problema, atualize para o TinyMCE 5.6.0 ou superior. Como solução temporária, sanitize manualmente os atributos de URL `iframe`, `object` e `embed` usando um filtro de nó do TinyMCE. Como alternativa, desative os elementos `iframe`, `object` e `embed` em seu conteúdo usando a configuração `invalid elements`.

**Nome do software vulnerável e versões afetadas** MITREid Connect versões 1.3.3 e anteriores **Descrição** A vulnerabilidade permite um ataque XSS devido à inclusão não sanitizada de `userInfoJson` na página, relacionada a `header.tag`. Isso pode ser explorado para executar código JavaScript arbitrário. O nome do usuário é incluído em `topbar.tag` e `header.tag` sem ser sanitizado. **Recomendações** Para as versões 1.3.3 e anteriores, considere sanitizar o `userInfoJson` para prevenir ataques XSS. Como solução temporária, restrinja o uso de `header.tag` e `topbar.tag` para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** WiKID 2FA Enterprise Server versions through 4.2.0-b2047 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via multiple API endpoints, including "/wikid/servlet/com.wikidsystems.server.GetDomainHash" with the `H` parameter, and several other endpoints with the `S` parameter or an unspecified parameter `a`. These endpoints include "/wikid/DomainData", "/wikid/PreRegisterLookup", "/wikid/PreRegister", "/wikid/InitDevice", and several variations of "/wikid/servlet/InitDevice" and "/servlet/com.wikidsystems.server.InitDevice". The injected script or HTML is triggered when "Logs.jsp" is visited, as the `rendered message` column is retrieved and displayed unsanitized. **Recommendations** For WiKID 2FA Enterprise Server versions through 4.2.0-b2047, consider disabling access to the vulnerable API endpoints, such as "/wikid/servlet/com.wikidsystems.server.GetDomainHash", "/wikid/DomainData", "/wikid/PreRegisterLookup", "/wikid/PreRegister", "/wikid/InitDevice", and related "InitDevice" endpoints, until a patch is available. Additionally, restrict the use of the `H` and `S` parameters, as well as the unspecified parameter `a`, in these endpoints to minimize the risk of exploitation. Avoid using the `rendered message` column in "Logs.jsp" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WiKID 2FA Enterprise Server versions through 4.2.0-b2047 **Description** A stored and reflected cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the "/WiKIDAdmin/groups.jsp" API endpoint. The `groupName` parameter is vulnerable, causing reflected cross-site scripting to occur immediately after a group is created. The malicious script is stored and will be executed again whenever the "/WiKIDAdmin/groups.jsp" endpoint is visited. **Recommendations** For WiKID 2FA Enterprise Server versions through 4.2.0-b2047, consider disabling access to the "/WiKIDAdmin/groups.jsp" endpoint until a patch is available, and restrict the use of the `groupName` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WiKID 2FA Enterprise Server versions through 4.2.0-b2047 **Description** A stored and reflected cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the "/WiKIDAdmin/adm usrs.jsp" API endpoint. The `usr` parameter is vulnerable, with the reflected cross-site scripting occurring immediately after a user is created. The malicious script is stored and will be executed whenever the "/WiKIDAdmin/adm usrs.jsp" endpoint is visited. **Recommendations** For WiKID 2FA Enterprise Server versions through 4.2.0-b2047, consider disabling access to the "/WiKIDAdmin/adm usrs.jsp" endpoint until a fix is available, and restrict the use of the `usr` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WiKID Enterprise 2FA Enterprise Server versions through 4.2.0-b2047 **Description** The issue allows for SQL injection through the "searchDevices.jsp" endpoint, utilizing the `uid` and `domain` parameters unsanitized in a SQL query constructed in the `buildSearchWhereClause` function. **Recommendations** For versions through 4.2.0-b2047, as a temporary workaround, consider restricting access to the "searchDevices.jsp" endpoint until a patch is available. Avoid using the `uid` and `domain` parameters in this endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** BlogEngine.NET versions 3.3.7.0 and earlier **Description** The issue is related to XML External Entity Blind Injection. It is associated with the `pingback.axd` endpoint and the `BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs` file. **Recommendations** For BlogEngine.NET versions 3.3.7.0 and earlier, consider disabling the `pingback.axd` endpoint until a patch is available. Restrict access to the `BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 (affected versions not specified) **Description** The issue is related to the lack of protection of the web page structure in Zyxel firewalls, allowing a remote attacker to perform a cross-site scripting attack using the `mp idx` parameter. This can lead to Reflected XSS on the Zyxel login page. **Recommendations** For Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, consider disabling access to the vulnerable login page until a patch is available. As a temporary workaround, avoid using the `mp idx` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.