The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.

**CVE****Description**

SeedDMS versions 6.0.18 and 5.1.25 are prone to stored XSS. The "Add category" functionality inside the "Global keywords" menu does not sanitize user input allowing javascript injection.

**POC**

Injecting the payload

By pressing the "Add category" button the malicious payload is saved and triggered by the application

**Remediation**

Escape user input by using "htmlspecialchars" php function

**Reference**

https://sourceforge.net/p/seeddms/code/ci/6fc17be5d95e8f00fbe5c124c4acd377fa2ce69d/

**Timeline**

*   \[22/03/2022\] Vulnerability evidence sent to the vendor
*   \[23/03/2022\] Vulnerability confirmed by the vendor
*   \[23/03/2022\] Vulnerability fixed by the vendor

**Notes**

Thanks to the main developer of SeedDMS, Uwe Steinmann, that immediately acknowledged the vulnerability and fixed it.

CVE-2022-28051: Responsible-Vulnerability-Disclosure/README.md at main · looCiprian/Responsible-Vulnerability-Disclosure

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu

**Description**

SeedDMS versions 6.0.18 and 5.1.25 are prone to stored XSS. It is possible to inject javascript code inside the "Role management" menu, inside the name field, and then trigger the payload by loading the "Users management" menu

**POC**

Injecting the payload

Triggering the payload

**Remediation**

Sanitize user input using "htmlspecialchars" php function

**Reference**

https://sourceforge.net/p/seeddms/code/ci/9e92524fdbd1e7c3e6771d669f140c62389ec375/

**Timeline**

*   \[28/03/2022\] Vulnerability evidence sent to the vendor
*   \[28/03/2022\] Vulnerability confirmed by the vendor
*   \[28/03/2022\] Vulnerability fixed by the vendor

**Notes**

Thanks to the main developer of SeedDMS, Uwe Steinmann, that immediately acknowledged the vulnerability and fixed it.

CVE-2022-28479: Responsible-Vulnerability-Disclosure/CVE-2022-28479 at main · looCiprian/Responsible-Vulnerability-Disclosure

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.

CVE-2020-6220

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.

Tags give the ability to mark specific points in history as being important

CVE-2022-31493: Tags · LibreHealth / LibreHealth EHR / LibreHealth EHR Base · GitLab

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.

CVE-2022-23712: Security issues

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues

CVE-2022-1940

FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature.

**What is XSS**  
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end-user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

Affected Version- 3.1.2

Demo installation: https://localhost/Fudforum-3.1.2/

**Reproduce bug:**  
Step 1 : Login with admin account and go to the Admin Control Panel.  
Step 2: In Categories & Forums, use Forum Manager to add new Forum to Private Forums.  
Step 3: Inject XSS payload to Forum Name field and complete Add Forum  
XSS payload : a<img src=x onerror=alert('xss')>  
Step 4: Go back to http://localhost/FUDforum-3.1.2/index.php  
Or Go to http://localhost/FUDforum-3.1.2/adm/admgroups.php?&SQ=1da883e1cc4e8df02d59bcf5fc8edf54  
\-> XSS bug trigger

**Impact of XSS:**

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:

Perform any action within the application that the user can perform.  
View any information that the user is able to view.  
Modify any information that the user is able to modify.  
Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.  
With the help of XSS a hacker or attacker can perform social engineering on users by redirecting them from real website to fake one. hacker can steal their cookies and download a malware on their system, and there are many more attacking scenarios a skilled attacker can perform with xss.

CVE-2022-30861: Cross Site Scripting · Issue #24 · fudforum/FUDforum

FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections.

**Describe the bug**  
Meta etiketlere ve içeriğe yazılan xss yükünü filtrelememek

https://owasp.org/www-community/attacks/xss/

**To Reproduce**  
Steps to reproduce the behavior:  
1-) press create new page from home page

2-) Enter the meta tags and content e xss payload

3-) go to admin panel and press go to home page button and xss pop-up

**Expected behavior**  
A clear and concise description of what you expected to happen.

**Screenshots**  
If applicable, add screenshots to help explain your problem.

**Additional context**  
POC : https://www.youtube.com/watch?v=wmQf0B3Sa6c

CVE-2021-42245: Create Page XSS · Issue #69 · flatCore/flatCore-CMS

FacturaScripts 2022.08 and prior is vulnerable to cross-site scripting. A patch is available on the `master` branch of the repository and anticipated to be part of version 2022.09.

**Cross-site Scripting in FacturaScripts**

Moderate severity GitHub Reviewed Published Jun 4, 2022 • Updated Jun 6, 2022

GHSA-r7jw-mg27-j839: Cross-site Scripting in FacturaScripts

XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tag

#xss