Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server.

Published:2023/06/22  Last Updated:2023/06/22

**Overview**

Pleasanter provided by Implem Inc. contains multiple vulnerabilities.

**Products Affected**

*   Pleasanter 1.3.39.2 and earlier versions

The developer states that both Community Edition and Enterprise Edition are affected.

**Description**

Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.

*   **Stored cross-site scripting vulnerability (CWE-79)** - CVE-2023-32607
    
    CVSS v3
    
    CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    
    **Base Score: 5.4**
    
    CVSS v2
    
    AV:N/AC:M/Au:S/C:N/I:P/A:N
    
    **Base Score: 3.5**
    
*   **Directory traversal vulnerability (CWE-22)** - CVE-2023-32608
    
    CVSS v3
    
    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    
    **Base Score: 4.3**
    
    CVSS v2
    
    AV:N/AC:L/Au:S/C:N/I:P/A:N
    
    **Base Score: 4.0**
    

**Impact**

*   An arbitrary script may be executed on the logged-in user's web browser - CVE-2023-32607
*   An arbitrary file on the server may be altered by a remote attacker who can login to the product - CVE-2023-32608

**Solution**

**Update the Software**  
Update the software to the latest version according to the information provided by the developer.  
According to the developer, these vulnerabilities have been fixed in version 1.3.40.0.

**Vendor Status**

**References**

**JPCERT/CC Addendum**

**Vulnerability Analysis by JPCERT/CC**

**Credit**

Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Implem Inc. and Implem Inc. reported them to IPA.  
JPCERT/CC and Implem Inc. coordinated under the Information Security Early Warning Partnership.

**Other Information**

CVE-2023-32608: JVN#97818024: Multiple vulnerabilities in Pleasanter

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.

Vendor: Sophos

Product: Sophos Web Appliance

Version affected: 4.1.1-0.9

This worked also on the latest v4.3.9.1 version (as of 05 Jan 2020) I used Firefox Browser, 71.1(64-bit) on Windows 10.

**Product description:**

The Sophos Web Appliance is designed to function as a web proxy that provides HTTP security at. the gateway. Potentially risky content is scanned for various forms of malware.

“Sophos Web Appliance (SWA) and Sophos Management Appliance (SMA) will reach End of Life (EOL) on 20 July 2023. When this happens, the products will continue to pass traffic but will no longer receive security or software updates. Cloud services with functions such as support services and LiveConnect will be turned off.”

*   CVE ID: CVE-2023-33336
*   CWE ID: CWE-79

**Proof of Concept:**

Reflected cross-site scripting (XSS) vulnerability was discovered in the product.

It was possible to inject malicious code and input was successfully reflected between doubles quotes. It’s a systemic XSS, which definitely increases risk compared to standard XSS.

Vulnerable input section was possible to set to: status reports configuration

The following Proof of Concept (PoC) demonstrates the attack as well as displaying evidence of the script payload being returned in the response.

    Sample GET request:
    https://10.0.0.17/index.php?c=trend_suspect&period=0&section=reports" onmouseover%3dprompt(1) bad%3d"&STYLE=34f6ad4ed0b9f19a094041a234feb5e3

Authenticated reflected XSS with the privileges of admin user. Sophos Virtual Web Appliance used to demonstrate the vulnerability was the latest available from Sophos trials website.

**References:**

1.  https://www.owasp.org/index.php/Cross-site\_Scripting\_(XSS)
2.  https://support.sophos.com/support/s/article/KB-000039441?language=en\_US
3.  https://docs.sophos.com/nsg/swa/help/en-us/nsg/swa/concepts/AboutYourAppliance.html

CVE-2023-33336: Cross-site scripting (XSS) in Sophos Web Appliance - 4.1.1-0.9

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.

CVE-2023-3469: huntr – Security Bounties for any GitHub repository

A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2023-36146: GitHub - leonardobg/CVE-2023-36146

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232711.

25 Visitors have signed the guestbook

Posted by

Comments

Name Jose

Location New Britain, ct

I must admit this GUESTBOOK is by way far THE BEST!!

Do like the step by step basic instructions. Im not a tech and yet by reading I have installed my guess book.  
Love it ALOT!!  This is a powerful guestbook script.

Reply: Thank you Jose. I appreciate your feedback.

Posted by

Name Jose

Location New Britain, ct

Posted by

Comments

Name Franky

Location West Country

Recently purchased this PHP script and added to my website. It's easy to install and use and since installed, have received a number of entries from people visiting my website. Simple it may be, but the feedback is very positive.

Posted by

Name Franky

Location West Country

Posted by

Comments

Name Steve Kane

Location United Kingdom

Fantastic little guestbook - easy to mod to suit your web site

Thank you guys. 

Posted by

Name Steve Kane

Location United Kingdom

Posted by

Comments

Name Ramona

Location Texas

Best party buss around 

Posted by

Name Ramona

Location Texas

Posted by

Comments

Name Gary Best

Location Manchester, UK

I'm travelling all over the world, but here met the warmest services ever. Three stars hotel, but deserve fice stars compliments :super: . Will recommend this hotel to my colleagues and friends.

Posted by

Name Gary Best

Location Manchester, UK

*   1
*   2
*   3
*   4
*   5
*   »

CVE-2023-3465: GuestBook preview

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to launch the attack remotely. It is recommended to upgrade the affected component. VDB-232710 is the identifier assigned to this vulnerability.

CVE-2023-3464

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.

CVE-2023-30955: Palantir | Trust and Security Portal

A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.

CVE-2023-30946: Palantir | Trust and Security Portal

ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS).

CVE-2023-36484

ILIAS 7.21 allows stored Cross Site Scripting (XSS).

Tag

#xss