Bugreporter

**Name of the Vulnerable Software and Affected Versions** WikibaseMediaInfo extension version 1.35 **Description** The issue arises from improper template syntax within the `PropertySuggestionsWidget` template, specifically in the `templates/search/PropertySuggestionsWidget.mustache+dom` file, allowing for XSS. **Recommendations** For WikibaseMediaInfo extension version 1.35, consider updating the `PropertySuggestionsWidget` template to correct the improper syntax and prevent XSS attacks. As a temporary workaround, restrict access to the `PropertySuggestionsWidget` template until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.33.1 **Description** The issue allows attackers to bypass the Title blacklist protection mechanism. This can be achieved by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using `redirect=1` in the "action API" when editing that page. The vulnerability is related to redirecting URLs to untrusted sites, which can allow a remote attacker to gain unauthorized access to confidential data and impact data integrity. **Recommendations** For MediaWiki versions prior to 1.33.1, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of the `redirect=1` parameter in the action API until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Norwegian Air Shuttle airline kiosk (affected versions not specified) **Description** The issue allows physically proximate attackers to bypass the intended UI step and obtain administrative privileges and network access on the underlying Windows OS. This is achieved by accessing a touch-screen print icon to manipulate the print dialog. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpwcms versions 1.2.5-DEV and earlier phpwcms versions 1.1 before RC4 **Description** The issue allows remote attackers to execute arbitrary code via a crafted argument to the `nome evento` parameter to "phpwcms code snippets/mail file form.php" and "sample ext php/mail file form.php", which is processed by the `render PHPcode` function. **Recommendations** For phpwcms versions 1.2.5-DEV and earlier, update to a version later than 1.2.5-DEV to resolve the issue. For phpwcms versions 1.1 before RC4, update to version 1.1 RC4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `nome evento` parameter in the affected API endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpwcms versions 1.2.5-DEV and earlier phpwcms versions 1.1 before RC4 **Description** The issue allows remote attackers to execute arbitrary code via crafted arguments to the `text evento` and `email eventonome evento` parameters to "phpwcms code snippets/mail file form.php" and "sample ext php/mail file form.php", which is processed by the `render PHPcode` function. **Recommendations** For phpwcms versions 1.2.5-DEV and earlier, consider disabling the `render PHPcode` function until a patch is available. For phpwcms versions 1.1 before RC4, avoid using the `text evento` and `email eventonome evento` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** phpwcms versions 1.1 through 1.1 RC4 phpwcms versions 1.2.5-DEV and earlier **Description** The issue allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (`HTTP REFERER`). This is due to a CRLF injection vulnerability in files such as `include/inc act/act formmailer.php` and possibly `sample ext php/mail file form.php`. **Recommendations** For phpwcms versions 1.1 through 1.1 RC4, update to a version later than RC4 to resolve the issue. For phpwcms versions 1.2.5-DEV and earlier, update to a version later than 1.2.5-DEV to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable files `act formmailer.php` and `mail file form.php` to minimize the risk of exploitation.