mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the change email function.

*   Home
*   Features
*   Screenshots
*   Pricing
*   Services
*   Testimonials
*   Showcases
*   Add-ons
*   Contact

**Mobile Friendly Social Network Software**

mooSocial is the best social network script to create a niche community or social site. It is features packed, highly configurable, expandable with many quality add-ons. mooSocial is mobile-friendly ready, it is easily accessible thru mobile web or Android and iOS mobile apps. Start your community site in minutes, It is easy to use even without design or programing skills.

Or

See people talking about us

Great aftermarket customer services

Reviewed by **Eddie Alder**

Fantastic product and customer support!

Reviewed by **Brett Cohen**

I have had only good experiences with the software mooSocial

Reviewed by **Dejan Dejan**

Hands down the best social network software period!

Reviewed by **Julian Hughes**

**Why Choose mooSocial?**

mooSocial is a **"white labeled" php social network software.  
It is **light, fast, easy to customize, and mobile-friendly.****

**

**Full Feature**

With all the features to build a successful social network e.g. blog, photo, group, event, video, topic…

**Monetization**

MooSocial supports many monetization methods such as advertising placement services, ad-free membership or exclusive access rights.

**Quick Support**

Multiple support channels (ticket, skype, community and online chat), Active Development and Docs

**Performance**

It has a lightweight codebase which will run blazingly fast even on a shared web hosting service.

**Mobile Apps**

Our publishable mobile apps will bring your community closer customer’s finger tip and allow you to engage with your members in a whole new way.

**No limit on code access**

Get all source code include mobi app source code.

**Addons**

Expand your social network easily, affordably with high-quality plugins and themes made by the same team. Most of plugins are compatible with Mobile Apps

**Internationalization (I18n)**

MooSocial is able to cater to users in different languages. It can handle multiple languages, scripts and cultural conventions (currency, sorting rules, number and dates formats…) without the need for redesign.

**Zero headache**

Zero headache to deal with 3rd party developers and compatible issues between developers becuase everything is from mooSocial Team





**

**

*   Full Features  - Click here to see a full list of features
    
    **User Profile**
    
    *   Activity Feed
    *   Friends
    *   Profile Privacy Settings
    *   Profile Cover Picture
    *   Profile Search
    *   Searchable Custom Profile Fields
    *   Featured Profile
    *   Friendly Profile URL
    
    **Video Sharing**
    
    *   Easily Share Youtube/Vimeo Videos
    *   Privacy Options
    *   Comments & Likes
    *   Tags
    *   Social Sharing
    *   Videos Search & Category
    *   Related Videos
    
    **User Group**
    
    *   Activity Feed
    *   Group Photos, Videos, Topics
    *   Invitation System
    *   Privacy Options
    *   Featured Groups
    *   Group Search & Category
    *   Social Sharing
    *   Membership Approval
    
    **User Blog**
    
    *   WYSIWYG Editor
    *   Privacy Options
    *   Comments & Likes
    *   Tags
    *   Images Uploader
    *   Social Sharing
    *   Blogs Search
    
    **Discussion Topics**
    
    *   Attachments
    *   WYSIWYG Editor
    *   Comments & Likes
    *   Tags
    *   Social Sharing
    *   Topics Search & Category
    *   Pin/Lock Topic
    
    **Photo Album**
    
    *   Photo Tagging
    *   Privacy Options
    *   Comments & Likes
    *   Tags
    *   Easy Uploader
    *   Social Sharing
    *   Albums Search & Category
    
    **Admin Panel**
    
    *   Admin Notifications
    *   Custom Blocks
    *   Easy Logo Changer
    *   Bulk Mail
    *   Spam Challenges
    *   User Roles/Permissions
    *   Pages Manager
    *   Hooks Manager
    *   Plugins Manager
    *   Themes Manager
    *   Languages Manager
    
    **Miscellaneous**
    
    *   Mobile Site
    *   Private Message
    *   Notifications Center
    *   Friends Suggestion
    *   URL & Video Parsing in Activity Feed
    *   Upload Photo in Activity Feed
    *   Facebook Integration
    *   Global Search
    *   Item Reporting
    
    **Event Management**
    
    *   RSVP Tracking
    *   Activity Feed
    *   Invitation System
    *   Privacy Options
    *   Event Search & Category
    *   Social Sharing
    *   Event Map
    
    **Monetize Features**
    
    *   Membership Subscription
    *   PayPal Adaptive Payments
    *   Ad Network Support
    

**

**

**Pricing + Combo**

*   mooSocial Self-hosted
*   mooSocial Cloud

**mooSocial License**

**$ 99**

One-time-fee  
(1 domain)

30-days free support

Include All Core Features and Core Plugins: Blogs, Photos Videos, Topics, Groups, Events

Full Source Code

First time free installation service

White-label. Customizable

12 Months Update Subscription

You can buy mooSocial license now then get the apps in combo packages later here

Recommended

**Deluxe**

**

$697

$ 669**

One-time-fee  
(1 domain)

mooSocial Pro Licence ($299)

Android and IOS Licence ($398)

Full Source Code

First time free installation service

White-label. Customizable

REST API Library

12 Months Update Subscription

60-days free support

**Ultimate**

**

$3164

$ 1669**

**Services**

**SOFTWARE MODIFICATION**

Want a unique feature? A specialized  
plugin? or even some simple changes?  
Sure! Our Customization Team will  
develop it for you quickly and  
efficiently.

**THEME DEVELOPMENT**

Distinguish your site with style. Our  
Design Team knows how to create  
unique visual experiences which are  
crucial to the success of your business.

**SITE MIGRATION**

Have a Social Network already but  
wanted to move to mooSocial? No  
problem, our Digital Mover Team will  
have you settled in your new home  
comfortably.

**PRODUCT INSTALLATION**

Installing mooSocial is a "no brainer".  
However, if you do not want to be  
bothered with it, we could help to get  
your new site up and running in no time.

**PRODUCT UPGRADE**

It doesn't matter which version you  
currently have, or even if our script was  
modified. We can upgrade your site to  
the greatest and latest with everything  
intact.

**INTEGRATION**

We can get mooSocial integrated with  
any service out there whether it is a  
payment gateway or a CMS. As long as  
there is API access, We can do it.

**What people say about us**

**Fantastic product and customer support!**

The folks at mooSocial have been fantastic. They assisted me in getting the product installed on my server and have been so helpful. The product itself is top notch, I did not come across any other product that is so perfect for social media.

Reviewed by Brett Cohen

**Hands down the best social network software period!**

I give it 10 stars if I could. Ryan and his team provide excellent customer support and best of all, the best social network software on the market. Your time and money will not be waste if you go with this company. Other softwares are full of bugs but this one is a winner!

Reviewed by Julian Hughes

**Moosocial Best Platform Ever!!!**

Moosocial Best Platform with all the tools you need for a social network, and marketing website, a lot of potential for the price, is nicely succeeding on the tools they are providing. It has a wiki, an instant messages, document management system - all (and a lot more) integrated in one extensible platform. Very recommended! Attractive interface and full of functionalities. Also excellent support from their community.

Reviewed by William D. Abreu

**Best around!**

We had tried many platforms including JomSocial, Dolphin.Pro, And Users Ultra before finding MooSocial. Let me just say that MooSocial is the absolute BEST social networking platform we've seen. The platform is great, the staff are helpful, and the community is helpful.

Reviewed by Jordan Dawson

**Very great powerful script for social network**

i used to be with oxwall until i bumped into moo social its got so much more great stuff that wow,ed me the support has been great and moosocial is so much awesome :) keep up the great work

Reviewed by snitch567

**Best script, ready made social site**

I searched years for a good script, tried many out there, ans spent hard earned money looking for a great script to have a small social site. I was ready to quit, then happened across moosocial. It was a dream come true. You don't have to be a coder to have a great light script.

Reviewed by Mikailah

**5 stars!**

Awesome script and best social network script out there period. I dont see no bugs and installation was so simple. Great support too!

Reviewed by julz

**Showcases**

*   
*   
*   
*   

**Spice up your networks with these Add-ons and Turnkey Solutions**

*   
*   
*   
*   
*   
*   

MORE ADD-ONS

**F.A.Q**

*   Frequently Asked Questions
*   More FAQs

**Does your license expire?**

No, mooSocial License does not exprie. It is a perpetual license and you can use our software indeﬁnitely.

**Will I be able to download updates in the future if I buy now?**

Yes, all updates are free to download as long as your software update subscription is active. Each license includes a 12 months update subscription.

**What happens after my update subscription expires?**

You can renew your update subscription for a minimal cost. Otherwise, you can continue using the software on your site.

**How much does it cost to renew my update subscription?**

$49 for every 12 months.

**Is the source code encrypted?**

No, you have 100% access to the source code.

**Can I modify the software to meet my requirements?**

Yes, you can do whatever modifications that you wish.

**Do I need to have any mooSocial branding on my site?**

Absolutely not. Unlike other prodducts, we do not force you to have our branding on your site

**Do you offer custom service?**

Yes, we do provide custom theme & development service. Please contact us for more details

**What payment methods do you accept?**

Currently, we accept Paypal, Visa/Master card (via Paypal), Western Union and MoneyGram

**Is it easy to translate the software?**

Yes, very easy. All the language strings are in a single language file. You can also install a third party software to make your translation even easier.

**What are the server requirements?**

Minimum:

*   PHP 5.4+
*   MySQL 5+
*   PHP extensions: MySql PDO, GD2, Curl, libxml, exif, zlib (if you need to export theme)
*   Magic quotes must be disabled
*   Memory Limit: 128M+

Recommended:

*   Apache server with mod\_rewrite

**Do I have to pay extra to remove any mentions of mooSocial?**

No, absolutely not.

**Do you offer an installation of upgrades?**

We do offer an upgrade installation service, the cost of the upgrading service will depend on how many hours we need to spend to re-apply any customizations you've made so far.

**How many users can mooSocial support?**

It is primarily dependent on the capabilities of your server. On shared hosting, mooSocial be able to support tens of thousands of users, while a single dedicated server can usually support upwards of one hundred thousand however we make no guarantee of performance due to the many variables involved. For each case of servers, we need to analyze to optimize if it problem happened.

**How soon will I receive my download information after purchasing?**

You will receive your download information very shortly after purchase..

**Is my billing information kept private when I purchase?**

Absolutely. In fact, we never see or store your billing information on our servers. Your information is processed via paypal secure payment gateway.

**How many licenses do I need?**

Each license is valid for a single public installation of the software, regardless of domains. You are of course welcome to create a private copy for development purposes.

**Do I need more than one license if i'm installing mooSocial on several subdomains/directories?**

Yes, every installation of mooSocial requires a license. However, you are entitled to create a second private installation for development purposes provided it's not publicly accessible.

**If I upgrade to a new version, will I lose my customizations or admin panel settings?**

This depends on what type of customizations you've made. If you've simply created new files and linked to them from mooSocial, it's unlikely that you will lose any customizations you've made. If you've edited the core code and you overwrite it with the new files from the upgrade package, you may lose your customizations. To avoid this, please make sure you full backup before upgrading, use compare tool to compare and merge changes that you made into the new core code. We do provide upgrading service so that contact us if you’re not sure what you should do.

**Do you offer trial version?**

Yes, Please download at https://moosocial.com/free-trial-download/

**Can I redistribute or resell mooSocial?**

No, you are not allowed to redistribute or resell mooSocial in any way.

**Can I extend my support service?**

Yes, support service can be purchased for $39/month.

**Can mooSocial be installed in a subdirectory or subdomain?**

Yes,You can install it on any location on your server.

**Can I Try Before I Buy?**

Please download it here https://moosocial.com/free-trial-download/

**Will I lose all my users if I upgrade?**

All user data and settings will be retained after upgrading. Make sure you full backup your site before upgrading.

**Do I get support with my purchase?**

After purchasing a license, you will receive a 30 days FREE support service via our ticket system, online chat or client community at http://community.moosocial.com/

**What type of issues does support cover?**

Our support team will assist with initial Software installation, general questions related to the script and technical errors encountered during the normal use of unmodified script. We cannot assist with customization of the script.

**How long do I get support after purchase?**

Up to 60 days of support

**How long does it take to get a response from support?**

Response times vary based on ticket volume but we do our best to respond to all tickets within several hours during business hours, or the next business day if submitted during off hours.

**Can I sell my website in the future?**

Yes, you're free to sell your website but not your mooSocial license since the licenses are non-transferable. In other words, if you choose to sell your website which contains a mooSocial license on it, the new owner would need to purchase their own license. What many clients do is simply incorporate the cost of the new license into the sale price of the website and purchase a new license on behalf of the new owner.

**Can I hire mooSocial to write custom plugins/customizations?**

Yes, we’re happy to help.

**I don't have a domain yet. Can I still purchase mooSocial?**

Yes! You can purchase mooSocial now and update your registered domain name later.











**

CVE-2023-43326: mooSocial - PHP Social Networking Software

With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.

The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.

The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.



)\]}' { "commit": "902bc9190331343b2017211debcec8d2ab87e17a", "tree": "4f26b537e953ef6ba3d465ea96f30eedbac8737e", "parents": \[ "7ba44f80f3b94fc0138db159afea770ef06532a0" \], "author": { "name": "Vincent Rabaud", "email": "vrabaud@google.com", "time": "Thu Sep 07 19:16:03 2023" }, "committer": { "name": "Vincent Rabaud", "email": "vrabaud@google.com", "time": "Thu Sep 07 19:16:03 2023" }, "message": "Fix OOB write in BuildHuffmanTable.\\n\\nFirst, BuildHuffmanTable is called to check if the data is valid.\\nIf it is and the table is not big enough, more memory is allocated.\\n\\nThis will make sure that valid (but unoptimized because of unbalanced\\ncodes) streams are still decodable.\\n\\nBug: chromium:1479274\\nChange-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "4501216298b34662010af4a1c950b1d087966bef", "old\_mode": 33188, "old\_path": "src/dec/vp8l\_dec.c", "new\_id": "5ab34f56cd83347bc7442570434931e8210f3c3a", "new\_mode": 33188, "new\_path": "src/dec/vp8l\_dec.c" }, { "type": "modify", "old\_id": "72b2e861208447f45e5ee12eac57b9c36ff2cd31", "old\_mode": 33188, "old\_path": "src/dec/vp8li\_dec.h", "new\_id": "32540a4b88a05cc74b88f11da3f143e83be81c9c", "new\_mode": 33188, "new\_path": "src/dec/vp8li\_dec.h" }, { "type": "modify", "old\_id": "90c2fbf7c18c79ccb3597fe7cbbc332dbd1b2548", "old\_mode": 33188, "old\_path": "src/utils/huffman\_utils.c", "new\_id": "cf73abd437d02173f43c61c8877a5f467997774a", "new\_mode": 33188, "new\_path": "src/utils/huffman\_utils.c" }, { "type": "modify", "old\_id": "13b7ad1ac40c5316f5506d9b4cbf5039c9fd5600", "old\_mode": 33188, "old\_path": "src/utils/huffman\_utils.h", "new\_id": "98415c532895374ea28fc1dc5c9a15c751ea9ba0", "new\_mode": 33188, "new\_path": "src/utils/huffman\_utils.h" } \] }

CVE-2023-5129

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.

**About the Application**

This Service Provider Management System v.1.0 is a sort of Content Management System (CMS) that is built specifically for companies that provide different services. The project is a company website that allows the management to dynamically manage the site information and other data on the front end. This project has 2 modules which are the Public and Management site.

The Management Site is the side of the system where accessible to the company staff or system-registered users only. On this site, users are required to log in with their valid system credentials to gain access to the features and functionalities. Users have 2 different roles which are the Administrator and the Staff. The Administrator users have the privilege to manage and access all the features and functionalities of the said site while the Staff users only have limited permissions. Here, system users can manage the list of services that their company provided. They can also update the dynamic page content of the public website on this side.

**Vulnerability Description**

Privilege Escalation in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/manage_user&id=9 endpoint.

**Vulnerable Code**

**Filename:** /php-spms/admin/user/manage_user.php

**Vulnerable Endpoint:** /php-spms/admin/?page=user/manage_user&id=9

**Vulnerable Parameter:** id

**Code:**

1
2
3
4
5
6
7
8
9
10
11
12

<?php 
if(isset($_GET['id'])){
    $user = $conn->query("SELECT * FROM users where id ='{$_GET['id']}' ");
    foreach($user->fetch_array() as $k =>$v){
        $meta[$k] = $v;
    }
}
?>
<?php if($_settings->chk_flashdata('success')): ?>
<script>
	alert_toast("<?php echo $_settings->flashdata('success') ?>",'success')
</script>

The code checks if the id parameter is set in the URL but does not verify whether the authenticated user has the appropriate permissions to access the user data associated with that id. It assumes that anyone with the id parameter can access any user’s information. This oversight creates a security vulnerability known as ‘Broken Access Control (BAC), especially concerning the id parameters.

Broken Access Control is a security vulnerability in web applications and systems where proper access controls are not enforced, allowing unauthorized users to gain access to resources, perform actions they shouldn’t, or manipulate the system in unintended ways. Examples include inadequate authorization checks, missing authentication, direct object reference, overly permissive permissions, and failure to revoke access. To mitigate this issue, applications should implement strong access controls, enforce authentication and authorization rigorously, follow least privilege principles, and regularly test for and address potential access control problems.

**Impact of Broken Access Control**

The exact reasons for the impact of broken access control in a web application or system include:

**Unauthorized Access**: Broken access control allows unauthorized users to gain access to resources and functionality that should be restricted to certain users or roles.

**Data Exposure**: When access controls are not properly enforced, sensitive data can be exposed to users who shouldn’t have access, leading to data leaks and breaches.

**Data Manipulation**: Attackers can alter, delete, or insert data into the system, potentially causing data corruption and fraudulent activities.

**Attack Scenario**

*   Go to http://localhost/php-spms/admin/?page=user/list and create 2 user, alice as administrator and bob as staff.

_User creation_

*   Let’s view both user and notice the id assigned to each user.

_User id of both user_

*   Let’s login as bob who is a staff and visit the URL http://localhost/php-spms/admin/?page=user/manage_user&id=12

_Logged in as bob_

*   Let’s change the id value from 12->11 and see if we can access the details of user alice.

_Alice’s detail is accessible by bob_

*   We can able to view the information of alice, let’s try to change the password of alice.

_Alice’s password is changed_

Remediating broken access control vulnerabilities is crucial to secure your web application or system. To address these vulnerabilities effectively, follow these remediation steps:

**Implement Proper Authentication and Authorization**: Ensure that your application uses strong authentication mechanisms to verify user identities. Use multi-factor authentication (MFA) for added security. Implement fine-grained authorization controls based on user roles and privileges. Users should only have access to resources and actions they are authorized to use.

**Access Control Lists (ACLs) or Role-Based Access Control (RBAC)**: Implement ACLs or RBAC to define and manage access permissions for users and resources. This helps maintain a clear and structured access control policy.

**Secure Session Management**: Implement secure session management to ensure that session tokens are generated securely, invalidated after logout or inactivity, and protected against session fixation attacks.

That’s all in this writeup.

Thanks for reading this far. If you enjoyed the writeup, do support me **here**.

CVE-2023-43457: CVE-2023-43457 - Broken Access Control (BAC)

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.

Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   OpenShift Dev Spaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-03-01

Updated:

2023-03-01

**RHSA-2023:1043 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 7.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.  

This release of Red Hat Single Sign-On 7.6.2 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.  

Security Fix(es):  

*   keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
*   Moment.js: Path traversal in moment.locale (CVE-2022-24785)
*   keycloak: missing email notification template allowlist (CVE-2022-1274)
*   keycloak: minimist: prototype pollution (CVE-2021-44906)
*   moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
*   undertow: DoS can be achieved as Undertow server waits for the LAST\_CHUNK forever for EJB invocations (CVE-2022-2764)
*   snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
*   loader-utils: loader-utils:Regular expression denial of service (CVE-2022-37603)
*   keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
*   keycloak: path traversal via double URL encoding (CVE-2022-3782)
*   snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
*   snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
*   snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
*   keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
*   keycloak: glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
*   json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
*   keycloak: keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
*   snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
*   CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
*   rcue-bootstrap: bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
*   jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
*   sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
*   jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
*   jettison: parser crash by stackoverflow (CVE-2022-40149)
*   jackson-databind: use of deeply nested arrays (CVE-2022-42004)
*   jackson-databind: deep wrapper array nesting wrt UNWRAP\_SINGLE\_VALUE\_ARRAYS (CVE-2022-42003)
*   jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
*   jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
*   bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
*   jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
*   CXF: Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
*   keycloak: reflected XSS attack (CVE-2022-4137)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

**Solution**

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.  

For details on how to apply this update, refer to:  

https://access.redhat.com/articles/11258

**Affected Products**

*   Red Hat Single Sign-On 7.6 for RHEL 7 x86\_64

**Fixes**

*   BZ - 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
*   BZ - 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip
*   BZ - 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
*   BZ - 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
*   BZ - 2031904 - CVE-2022-1438 keycloak: XSS on impersonation under specific circumstances
*   BZ - 2066009 - CVE-2021-44906 minimist: prototype pollution
*   BZ - 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale
*   BZ - 2073157 - CVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API
*   BZ - 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
*   BZ - 2117506 - CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST\_CHUNK forever for EJB invocations
*   BZ - 2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections
*   BZ - 2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
*   BZ - 2129707 - CVE-2022-38750 snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
*   BZ - 2129709 - CVE-2022-38751 snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
*   BZ - 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP\_SINGLE\_VALUE\_ARRAYS
*   BZ - 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
*   BZ - 2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data
*   BZ - 2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow
*   BZ - 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding
*   BZ - 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service
*   BZ - 2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens
*   BZ - 2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability
*   BZ - 2148496 - CVE-2022-4137 keycloak: reflected XSS attack
*   BZ - 2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution
*   BZ - 2155681 - CVE-2022-46363 Apache CXF: directory listing / code exfiltration
*   BZ - 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
*   BZ - 2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos
*   BZ - 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method
*   BZ - 2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service
*   BZ - 2158585 - CVE-2023-0091 keycloak: Client Registration endpoint does not check token revocation
*   BZ - 2160585 - CVE-2023-0264 keycloak: user impersonation via stolen uuid code

**CVEs**

*   CVE-2018-14040
*   CVE-2018-14042
*   CVE-2019-11358
*   CVE-2020-11022
*   CVE-2020-11023
*   CVE-2021-35065
*   CVE-2021-44906
*   CVE-2022-1274
*   CVE-2022-1438
*   CVE-2022-1471
*   CVE-2022-2764
*   CVE-2022-3916
*   CVE-2022-4137
*   CVE-2022-24785
*   CVE-2022-25857
*   CVE-2022-31129
*   CVE-2022-37603
*   CVE-2022-38749
*   CVE-2022-38750
*   CVE-2022-38751
*   CVE-2022-40149
*   CVE-2022-40150
*   CVE-2022-42003
*   CVE-2022-42004
*   CVE-2022-45047
*   CVE-2022-45693
*   CVE-2022-46175
*   CVE-2022-46363
*   CVE-2022-46364
*   CVE-2023-0091
*   CVE-2023-0264

**Red Hat Single Sign-On 7.6 for RHEL 7**

SRPM

rh-sso7-keycloak-18.0.6-1.redhat\_00001.1.el7sso.src.rpm

SHA-256: 4d603f3fa2799a38b6ce3abef357a0a15b17e8b78eedb3568cf5570379ae224b

x86\_64

rh-sso7-keycloak-18.0.6-1.redhat\_00001.1.el7sso.noarch.rpm

SHA-256: 96463f0f1ea8b072ae37d99784f5da89e95170165ea0e9b227292b448bf17ce5

rh-sso7-keycloak-server-18.0.6-1.redhat\_00001.1.el7sso.noarch.rpm

SHA-256: 2d55a3717343254b83a0b69492d60f7480aa2b46ed0f8b17b0c1a91888b904aa

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

CVE-2022-4137

Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function.

Submitted by oretnom23 on Saturday, April 15, 2023 - 15:51.

This simple project is entitled **Resort Reservation System**. It is a simple web application that provides an automated platform for certain resort management to easily store and retrieve reservation records. It was mainly developed using **PHP Language** and **SQLite3 Database**. It has a simple and pleasant user interface using **Bootstrap v5 Framework**. The project contains **CRUD** _(Create, Read, Update, and Delete)_ Operations and user-friendly features and functionalities.

****How does the Resort Reservation System work?****

This **Resort Reservation System** was mainly developed and can only be accessed by the resort management. Here, resort management can dynamically list all the rooms/cottages and extra fees that are available at their resort. They can simply encode or store their customer reservation records along with some other charges. Using the system, users can encode first the customer reservation details and the room or cottage they wanted to take and add extra fees or charges when the customer checked in.

****Features and Functionalities****

This **Resort Reservation System** project contains the following features and functionalities:

*   **Login and Logout**
*   **Room/Cottage Management**
    *   **Add New Room/Cottage**
    *   **List All Rooms/Cottages**
    *   **Update Room/Cottage Details**
    *   **View Room/Cottage Details**
    *   **Delete Room/Cottage**
*   **Extra Fee Management**
    *   **Add New Extra Fee**
    *   **List All Extra Fees**
    *   **Update Extra Fee Details**
    *   **View Extra Fee Details**
    *   **Delete Extra Fee**
*   **Reservation Management**
    *   **Add New Reservation**
    *   **List All Reservation**
    *   **Update Reservation Details**
    *   **View Reservation Details**
    *   **Delete Reservation**
*   **User Management**
    *   **Add New User**
    *   **List All Users**
    *   **Update User Details**
    *   **View User Details**
    *   **Delete User**

****Technologies****

This **Resort Reservation System** was developed using the following technologies:

*   **XAMPP**
*   **VS Code Editor**
*   **HTML**
*   **CSS**
*   **PHP**
*   **SQLite3**
*   **JavaScript**
*   **jQuery**
*   **Ajax Request**
*   **Bootstrap Framework**
*   **Google Icons**

****Snapshots****

Here are some snapshots of some pages of this **Resort Reservation System**:

****Login Page****

****Home Page****

****Room and Cottages List****

****Extra Fees List****

****Reservation List****

****Reservation Details****

The **Resort Reservation System** project complete source code zip file is available on this website and is free to download. Feel free to download and modify the source code the way you desire. The project was mainly developed for educational purposes only and not commercially.

****How to Run****

**Requirements**

*   **Download** and **Install** any **local web server** such as **XAMPP/WAMP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

**Installation/Setup**

1.  Open your XAMPP/WAMP php.ini file and uncomment the **sqlite3** **extension**. Then, save the file.
3.  **Open** your **XAMPP/WAMP's Control Panel** and start ****Apache****.
4.  **Extract** the **downloaded source code **zip** file**.
5.  If you are using **XAMPP**, **copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**. And If you are using **WAMP**, **paste** it into the **"www" directory.**
6.  **Browse** the **Resort Reservation System** in a **browser**. i.e. ****http://localhost/php-sqlite-cqs/****.

****Default Admin Access****

Username: **admin**  
Password: **sourcecodester&123**

That's it! I hope this **Resort Reservation System in PHP and SQLite3 Source Code** will help you with what you are looking for and that you'll find something useful for your current and future **PHP Projects**.

Explore more on this website for more **Tutorials** and **Free Source Codes**.

****Enjoy =)****

*   4485 views

CVE-2023-43458: Resort Reservation System in PHP and SQLite3 Source Code Free Download

By Deeba Ahmed
Another day, another crypto hack making cybercriminals multi-millionaires in no time, while leaving unsuspecting crypto investors without funds.…
This is a post from HackRead.com Read the original post: Mixin Network Halts Services After $200M Crypto Hack

Another day, another crypto hack making cybercriminals multi-millionaires in no time, while leaving unsuspecting crypto investors without funds.

Mixin Network has temporarily suspended its deposit and withdrawal services after cybercriminals targeted the decentralized wallet service. The network, reportedly, has lost $200 million in funds.

Mixin is a Hong Kong-based crypto firm that offers layer-2 protocol-like service to encourage cheaper and more efficient cross-chain transfers.

The network posted its announcement on X (formerly Twitter), stating that on September 23, 2023, its cloud service provider’s database was hacked early Saturday morning, resulting in a loss of approx. US$200 million.

“In the early morning of September 23…the database of Mixin Network’s cloud service provider was attacked by hackers, resulting in the loss of some assets on the mainnet. The funds involved are approximately US$200 million,” Mixin Network’s post on X read.

The network’s token, XIN, fell considerably (around 8% down) after this confirmation. According to its website, Mixin Network attracts 100,000 daily users and has over $1 billion in assets. Moreover, the network reported 663,489 unique transactions of BTC and 179,647 of ETH during July.

Mixin Network contacted blockchain security firm SlowMist and Google to launch an investigation into the hacking. It will reopen the services after confirming that the vulnerabilities are fixed.

However, the network explained that transfers will remain unaffected during this time. The vulnerability was disclosed today by Mixin Network founder Feng Xiaodong in a livestream in which he explained that they can only confirm that half of the assets are at least safe.

“We will try our best to minimize the losses and deeply apologize for this,” the network stated while assuring its users to provide a solution regarding what it intends to do about their lost assets.

SlowMist also posted a statement to confirm the attack on the cloud service provider: “🚨SlowMist Security Alert🚨 – On September 23, the Mixin Network cloud service provider database was attacked, and the amount of funds involved was ~ $200M. SlowMist is assisting in the investigation. Please wait for @MixinKernel updates for more information.”

Chainalysis, a leading blockchain data platform, has found that in 2022 alone, $3.8 billion worth of cryptocurrency was stolen, making it the worst year ever for the community.

Recently, Hackread reported the hacking of the world’s largest Australian cryptocurrency casino, Stake, which lost $41 million worth of cryptocurrency. The incident happened on September 4, 2023, and was caused due to a leaked private key.

****RELATED ARTICLES****

1.  6 of the Best Crypto Bug Bounty Programs
2.  We Need Smarter Smart Contracts To Prevent DeFi Hacks
3.  ETH Founder Vitalik Buterin’s X (Twitter) Hacked, $700k Stolen
4.  NY Couple Pleads Guilty to $4.5B Bitcoin Theft in Bitfinex Hack
5.  Billionaire Mark Cuban Falls Victim to Crypto Hack, Loses $900K

Mixin Network Halts Services After $200M Crypto Hack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions.

**Solution**

 Fixed

Update the WordPress Poll Maker plugin to the latest available version (at least 4.7.1).

Le Ngoc Anh discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Poll Maker Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 4.7.1.

**Other vulnerabilities in this plugin**

 0 present

 5 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-41871: WordPress Poll Maker plugin <= 4.7.0 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions.

**Solution**

 Fixed

Update the WordPress Stagtools plugin to the latest available version (at least 2.3.8).

Le Ngoc Anh discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Stagtools Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.3.8.

**Other vulnerabilities in this plugin**

 0 present

 2 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-41868: WordPress StagTools plugin <= 2.3.7 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.

CVE-2023-43319

UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList().

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org**.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Cookie Law - Banner + Cookie blocker” (cookiebanner) up to version 1.5.0 from UpLight for PrestaShop, a guest can perform SQL injection in affected versions.

**Summary**

*   **CVE ID**: CVE-2023-39640
*   **Published at**: 2023-09-21
*   **Advisory source**: Friends-Of-Presta.org
*   **Platform**: PrestaShop
*   **Product**: cookiebanner
*   **Impacted release**: <= 1.5.0 (1.5.1 fixed the vulnerability)
*   **Product author**: UpLight
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

The method Hook::getHookModuleExecList() inside an override of the module has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

This exploit uses a PrestaShop front controller and most attackers can conceal the module controller’s path during the exploit, so you will never know within your conventional frontend logs that it exploits this vulnerability. **You will only see “POST /” inside your conventional frontend logs.** Activating the AuditEngine of mod\_security (or similar) is the only way to get data to confirm this exploit.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: low
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Remove data from the associated PrestaShop
*   Copy/paste data from sensitive tables to FRONT to expose tokens and unlock admins’s ajax scripts
*   Rewrite SMTP settings to hijack emails

**Patch from 1.4.5 and 1.5.0**

    --- 1.4.5/modules/cookiebanner/controllers/front/settings.php
    +++ XXXXX/modules/cookiebanner/controllers/front/settings.php
    ...
            } elseif (Tools::isSubmit('submitSettings')) {
                $module_list = Tools::getValue('module_list');
                $disabled_modules_list = array();
                if (is_array($module_list)) {
                    foreach ($module_list as $id_module => $authorized) {
                        if (!$authorized) {
    -                       $disabled_modules_list[] = $id_module;
    +                       $disabled_modules_list[] = (int) $id_module;
                        }
                    }
                } else {
                    $this->errors[] = $this->l('No modules selected!');
                }
    

    --- 1.4.5/modules/cookiebanner/override/classes/Hook.php
    +++ XXXXX/modules/cookiebanner/override/classes/Hook.php
    ...
                if (count($disabled_modules_list)) {
    -               $sql->where('m.`id_module` NOT IN ('.implode(',', $disabled_modules_list).')');
    +               $sql->where('m.`id_module` NOT IN ('.implode(',', array_map('intval', $disabled_modules_list)).')');
                }
    

    --- 1.5.0/modules/cookiebanner/override/classes/Hook.php
    +++ XXXXX/modules/cookiebanner/override/classes/Hook.php
    ...
            if (!empty(self::$disabledHookModules)) {
    -           $sql->where('m.id_module NOT IN (' . implode(', ', self::$disabledHookModules) . ')');
    +           $sql->where('m.`id_module` NOT IN ('.implode(',', array_map('intval', self::$disabledHookModules)).')');
            }
    

**WARNING : Be warned that you must check the hook installed here** :

    --- 1.4.5/override/classes/Hook.php
    +++ XXXXX/override/classes/Hook.php
    ...
                if (count($disabled_modules_list)) {
    -               $sql->where('m.`id_module` NOT IN ('.implode(',', $disabled_modules_list).')');
    +               $sql->where('m.`id_module` NOT IN ('.implode(',', array_map('intval', $disabled_modules_list)).')');
                }
    

    --- 1.5.0/override/classes/Hook.php
    +++ XXXXX/override/classes/Hook.php
    ...
            if (!empty(self::$disabledHookModules)) {
    -           $sql->where('m.id_module NOT IN (' . implode(', ', self::$disabledHookModules) . ')');
    +           $sql->where('m.`id_module` NOT IN ('.implode(',', array_map('intval', self::$disabledHookModules)).')');
            }
    

**Other recommendations**

*   It’s recommended to upgrade to the latest version of the module **cookiebanner**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”) - be warned that this functionality **WILL NOT** protect your SHOP against injection SQL which uses the UNION clause to steal data.
*   Change the default database prefix ps_ with a new longer, arbitrary prefix. Nevertheless, be warned that this is useless against blackhats with DBA senior skill because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against this set of rules.

**Timeline**

Date

Action

2023-05-24

Issue discovered during a code review by TouchWeb.fr

2023-05-24

Contact PrestaShop Addons security Team to confirm versions scope by author

2023-05-26

PrestaShop Addons security Team confirm versions scope

2023-07-25

Request a CVE ID

2023-08-25

Received CVE ID

2023-09-21

Publish this security advisory

**Links**

*   PrestaShop addons product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

Tag

#web