An unpatched stored cross-site-scripting (XSS) security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. The bug was found to affect Pling-based markets by researchers at Positive Security, including AppImage Hub, Gnome-Look, KDE Discover App Store, Pling.com and XFCE-Look. The PlingStore application is affected by a remote code-execution (RCE) vulnerability, which researchers said can be triggered from any website while the app is running.
Source: https://threatpost.com/unpatched-linux-marketplace-bugs-rce/167155/