#xss

A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.

Dolibarr version 17.0.1 suffers from a persistent cross site scripting vulnerability.

PHPJabbers Business Directory Script version 3.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

FOG Forum version 0.8 suffers from a cross site scripting vulnerability.

FoccusWeb CMS version 0.1 suffers from a cross site scripting vulnerability.

1. EXECUTIVE SUMMARY ​CVSS v3 9.6 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Hitachi Energy ​Equipment: AFF66x ​Vulnerabilities: Cross-site Scripting, Use of Insufficiently Random Values, Origin Validation Error, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, NULL Pointer Dereference 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to compromise availability, integrity, and confidentiality of the targeted devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Hitachi Energy reports these vulnerabilities affect the following AFF660/665 products: ​AFF660/665: Firmware 03.0.02 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 ​CROSS-SITE SCRIPTING CWE-79 ​In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names DNS servers returned via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo could lead to output of wrong hostnames (leading to domain hijacking) or injection...

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.6.8 or apply this patch manually https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/234c0c02ea7502071b00ab673fbe4a6ac253080e.patch manually. ### References https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f869d993/

### Impact Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down (no free text value) it can still be set from JavaScript (using the browser developer tools) or by calling the save URL on the user profile with the right query string. Once the time zone is set it is displayed without escaping which means the payload gets executed for any user that visits the malicious user profile, allowing the attacker to steal information and even gain more access rights (escalation to programming rights). The problem is present [since version 4.1M2](https://jira.xwiki.org/browse/XWIKI-7847) when the time zone user preference was introduced. ### Patches The issue has been fixed in XWiki 14.10.5 and 15.1RC1 by https://github.com/xwiki/xwiki-platform/commit/d11ca5d781f8a42a85bc98eb82306c1431e764d4 . The main fix is in the [``displayer_timezone.vm``](https://g...