<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cve-2026-35169 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-35169/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Sun, 28 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-35169/feed.xml" rel="self" type="application/rss+xml"/><item><title>LORIS Reflected Cross-Site Scripting Vulnerability (CVE-2026-35169)</title><link>https://feed.craftedsignal.io/briefs/2024-01-28-loris-xss/</link><pubDate>Sun, 28 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-28-loris-xss/</guid><description>A reflected cross-site scripting vulnerability (CVE-2026-35169) exists in the LORIS help_editor module due to insufficient sanitization of user-supplied variables, potentially leading to arbitrary markdown file downloads or script execution if a user clicks a crafted link.</description><content:encoded><![CDATA[<p>LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application used for data and project management in neuroimaging research. Versions prior to 27.0.3 and 28.0.1 contain a reflected cross-site scripting (XSS) vulnerability (CVE-2026-35169) in the <code>help_editor</code> module. The vulnerability stems from the module's failure to properly sanitize user-supplied variables. An attacker could exploit this by crafting a malicious link and tricking a user into clicking it, leading to arbitrary script execution in the user's browser. Additionally, the same input vector can be leveraged to download arbitrary markdown files from the unpatched server. Organizations using LORIS should upgrade to version 27.0.3 or 28.0.1 to remediate this risk.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>Attacker identifies a vulnerable LORIS instance running a version prior to 27.0.3 or 28.0.1.</li>
<li>Attacker crafts a malicious URL containing a JavaScript payload in a parameter processed by the <code>help_editor</code> module. The payload could be designed to steal cookies, redirect the user, or deface the web page.</li>
<li>The attacker distributes the malicious URL to a target user via email, social media, or other means.</li>
<li>The target user, believing the link to be legitimate, clicks on the malicious URL.</li>
<li>The user's browser sends a request to the LORIS server, including the malicious JavaScript payload as a parameter.</li>
<li>The LORIS server's <code>help_editor</code> module fails to properly sanitize the user-supplied input.</li>
<li>The server reflects the unsanitized JavaScript payload back to the user's browser within the HTML response.</li>
<li>The user's browser executes the malicious JavaScript code, enabling the attacker to perform actions within the context of the user's session or download arbitrary markdown files.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of the XSS vulnerability (CVE-2026-35169) in LORIS could lead to various detrimental outcomes. An attacker could steal sensitive user session cookies, potentially gaining unauthorized access to the LORIS application and associated data. The attacker could also deface the LORIS website, redirect users to phishing pages, or perform other malicious actions within the user's browser. Furthermore, the ability to download arbitrary markdown files can expose sensitive documentation or configuration details stored on the server, potentially aiding further attacks. Given LORIS's use in managing neuroimaging research data, a successful attack could compromise sensitive patient or research information.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately upgrade LORIS to version 27.0.3 or 28.0.1 to patch CVE-2026-35169 and prevent exploitation of the XSS vulnerability.</li>
<li>Deploy the provided Sigma rule to your SIEM to detect attempts to exploit the XSS vulnerability in the LORIS <code>help_editor</code> module.</li>
<li>Implement input validation and output encoding in the <code>help_editor</code> module to prevent XSS vulnerabilities in the future.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>xss</category><category>cve-2026-35169</category><category>loris</category></item></channel></rss>