Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

This record contains material that is subject to copyright.

**Copyright 2012-2023 Defiant Inc.**

**License:** Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. **Read more.**

**Copyright 1999-2023 The MITRE Corporation**

**License:** CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. **Read more.**

Have information to add, or spot any errors? Contact us at wfi-support@wordfence.com so we can make any appropriate adjustments.

CVE-2023-3708: Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting — Wordfence Intelligence

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

CVE-2023-28864: Chef Infra Server Release Notes

Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.

**Testing for HTML Injection**

ID

WSTG-CLNT-03

**Summary**

HTML injection is a type of injection vulnerability that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.

This vulnerability occurs when user input is not correctly sanitized and the output is not encoded. An injection allows the attacker to send a malicious HTML page to a victim. The targeted browser will not be able to distinguish (trust) legitimate parts from malicious parts of the page, and consequently will parse and execute the whole page in the victim’s context.

There is a wide range of methods and attributes that could be used to render HTML content. If these methods are provided with an untrusted input, then there is an high risk of HTML injection vulnerability. For example, malicious HTML code can be injected via the innerHTML JavaScript method, usually used to render user-inserted HTML code. If strings are not correctly sanitized, the method can enable HTML injection. A JavaScript function that can be used for this purpose is document.write().

The following example shows a snippet of vulnerable code that allows an unvalidated input to be used to create dynamic HTML in the page context:

    var userposition=location.href.indexOf("user=");
    var user=location.href.substring(userposition+5);
    document.getElementById("Welcome").innerHTML=" Hello, "+user;
    

The following example shows vulnerable code using the document.write() function:

    var userposition=location.href.indexOf("user=");
    var user=location.href.substring(userposition+5);
    document.write("<h1>Hello, " + user +"</h1>");
    

In both examples, this vulnerability can be exploited with an input such as:

    http://vulnerable.site/page.html?user=<img%20src='aaa'%20onerror=alert(1)>
    

This input will add an image tag to the page that will execute arbitrary JavaScript code inserted by the malicious user in the HTML context.

**Test Objectives**

*   Identify HTML injection points and assess the severity of the injected content.

**How to Test**

Consider the following DOM XSS exercise http://www.domxss.com/domxss/01\_Basics/06\_jquery\_old\_html.html

The HTML code contains the following script:

    <script src="../js/jquery-1.7.1.js"></script>
    <script>
    function setMessage(){
        var t=location.hash.slice(1);
        $("div[id="+t+"]").text("The DOM is now loaded and can be manipulated.");
    }
    $(document).ready(setMessage  );
    $(window).bind("hashchange",setMessage)
    </script>
    <body>
        <script src="../js/embed.js"></script>
        <span><a href="#message" > Show Here</a><div id="message">Showing Message1</div></span>
        <span><a href="#message1" > Show Here</a><div id="message1">Showing Message2</div>
        <span><a href="#message2" > Show Here</a><div id="message2">Showing Message3</div>
    </body>
    

It is possible to inject HTML code.

CVE-2021-37386: WSTG - Latest | OWASP Foundation

Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-36656: Escape keys by yurishkuro · Pull Request #15 · mafintosh/json-markup

Travelable version 1.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Travelable 1.0 - Stored XSS# Exploit Author: CraCkEr# Date: 15/07/2023# Vendor: travelmate.com# Vendor Homepage: https://www.codester.com/items/43963/travelable-trek-management-solution# Software Link: https://travel.codeswithbipin.com/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site## DescriptionAllow Attacker to inject malicious code into website, give ability to steal sensitiveinformation, manipulate data, and launch additional attacks.Path: /[random-number]/commentPOST parameter 'comment' is vulnerable to XSS-----------------------------------------------------------POST /[random-number]/comment HTTP/2_token=10Mh1zuuVXB1iH3QsrEOqpWGOXogEv38WPwqGtv6&name=cracker+infosec&email=cracker%40infosec.com&phone=%2B96171951951&comment=[XSS Payload]-----------------------------------------------------------## Steps to Reproduce:1. Surf as a (Guest User)2. Go to [Tour Packages] on this Path: https://website/packages3. Choose any package and click [Explore] Path: https://website/package/64. Scroll Down to the [Comments] section5. Inject your XSS Payload in [Comment Box]6. Click on [Submit]7. Every visitor to the page where you inject your [XSS Payload] - Path: https://website/package/68. XSS will fire and execute on his browser.[-] Done

Travelable 1.0 Cross Site Scripting

BloodBank version 1.1 suffers from a cross site scripting vulnerability.

    # Exploit Title: BloodBank 1.1 - Reflected XSS# Exploit Author: CraCkEr# Date: 15/07/2023# Vendor: phpscriptpoint# Vendor Homepage: https://phpscriptpoint.com/# Software Link: https://demo.phpscriptpoint.com/bloodbank/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /bloodbank/page.phpURL parameter is vulnerable to RXSShttps://website/bloodbank/page.php/jr88z"><script>alert(1)</script>h6n9w?slug=blog&page=2[-] Done

BloodBank 1.1 Cross Site Scripting

Carlisting version 1.6 suffers from a cross site scripting vulnerability.

    # Exploit Title: Carlisting 1.6 - Reflected XSS# Exploit Author: CraCkEr# Date: 16/07/2023# Vendor: phpscriptpoint# Vendor Homepage: https://phpscriptpoint.com/# Software Link: https://demo.phpscriptpoint.com/carlisting/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /carlisting/search.phpGET parameter 'country' is vulnerable to RXSSGET parameter 'state' is vulnerable to RXSSGET parameter 'city' is vulnerable to RXSShttps://website/carlisting/search.php?brand_id=1&model_id=1&car_condition=New%20Car&price_range=1&car_category_id=1&body_type_id=1&fuel_type_id=1&transmission_type_id=2&year=2023&mileage_start=10&mileage_end=200&country=[XSS]&state=[XSS]&city=[XSS][-] Done

Carlisting 1.6 Cross Site Scripting

Lawyer CMS version 1.6 suffers from a cross site scripting vulnerability.

    # Exploit Title: Lawyer CMS 1.6 - Reflected XSS# Exploit Author: CraCkEr# Date: 16/07/2023# Vendor: phpscriptpoint# Vendor Homepage: https://phpscriptpoint.com/# Software Link: https://demo.phpscriptpoint.com/lawyer/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /lawyer/page.phpURL parameter is vulnerable to RXSShttps://website/lawyer/page.php/[XSS]?slug=blog&page=2Path: /lawyer/search.phpURL parameter is vulnerable to RXSShttps://website/lawyer/search.php/[XSS]?search_string=&page=2[-] Done

Lawyer CMS 1.6 Cross Site Scripting

JobSeeker version 1.5 suffers from a cross site scripting vulnerability.

    # Exploit Title: JobSeeker 1.5 - Reflected XSS# Exploit Author: CraCkEr# Date: 15/07/2023# Vendor: phpscriptpoint# Vendor Homepage: https://phpscriptpoint.com/# Software Link: https://demo.phpscriptpoint.com/jobseeker/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /jobseeker/search-result.phpGET parameter 'kw' is vulnerable to RXSSGET parameter 'lc' is vulnerable to RXSSGET parameter 'ct' is vulnerable to RXSSGET parameter 'cp' is vulnerable to RXSSGET parameter 'p' is vulnerable to RXSShttps://website/jobseeker/search-result.php?kw=[XSS]&lc=[XSS]&ct=[XSS]&cp=[XSS]&p=[XSS][-] Done

JobSeeker 1.5 Cross Site Scripting

Ecommerce version 1.15 suffers from a cross site scripting vulnerability.

    # Exploit Title: Ecommerce 1.15 - Reflected XSS# Exploit Author: CraCkEr# Date: 16/07/2023# Vendor: phpscriptpoint# Vendor Homepage: https://phpscriptpoint.com/# Software Link: https://demo.phpscriptpoint.com/ecommerce/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /ecommerce/blog-single.phpGET parameter 'slug' is vulnerable to RXSShttps://website/ecommerce/blog-single.php?slug=[XSS]Path: /ecommerce/product.phpGET parameter 'id' is vulnerable to RXSShttps://website/ecommerce/product.php?id=[XSS][-] Done

Tag

#xss