Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.

**Description**

The application Titra is vulnerable to Stored XSS in Project name field.

**Steps To Reproduce**

1.  Click on Edit button
2.  Under the Project Name enter the paylaod "><img src=# onerror=alert(document.domain)>
3.  Click on save.
4.  Now navigate to details the XSS will be triggered.

**Image PoC**

https://drive.google.com/file/d/1P44bIq0VgqMMUdb7VEKhF1Q\_7PdY2k4Z/view?usp=sharing https://drive.google.com/file/d/1sEJnrY8wxPY9gw1yPL1M4NH7Xe0qkgMT/view?usp=sharing

**Impact**

This allows the attacker to execute malicious scripts in all the project members browser and it can lead to session hijacking, sensitive data exposure, and worse.

CVE-2022-2028: Stored XSS in Project Name in titra

Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.

**Description**

The application Titra is vulnerable to Stored XSS in Task field.

**Steps To Reproduce**

1.  Click on add Track button
2.  In the Task field enter the payload "><img src=# onerror=alert(document.domain)>
3.  click save
4.  Now Click on Details
5.  XSS will be triggered

**Image PoC**

https://drive.google.com/file/d/1twcYvvdV-hCE4hI0HwtnE9ZvqpYC77gS/view?usp=sharing https://drive.google.com/file/d/1CNtiY-VeLjPtYQOx3clUKSxgSAMM2mQM/view?usp=sharing

**Impact**

This allows the attacker to execute malicious scripts in all the project members browser and it can lead to session hijacking, sensitive data exposure, and worse.

CVE-2022-2029: Stored XSS in Task field in titra

Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.

CVE-2022-2026: Stored XSS in Name in titra

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2019-25070

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.

@@ -2881,15 +2881,15 @@ var NewDialog = function(editorUi, compact, showName, callback, createOnly, canc setActiveTab(0);  
div.scrollTop \= 0; div.innerHTML \= ''; div.innerText \= ''; i0 \= 0;  
if (oldTemplates != templates) { templates \= oldTemplates; categories \= origCategories; customCatCount \= origCustomCatCount; list.innerHTML \= ''; list.innerText \= ''; initUi(); oldTemplates \= null; } @@ -2912,7 +2912,7 @@ var NewDialog = function(editorUi, compact, showName, callback, createOnly, canc }  
div.scrollTop \= 0; div.innerHTML \= ''; div.innerText \= ''; spinner.spin(div);  
var callback2 \= function(docList, errorMsg, searchImportCats) @@ -2938,13 +2938,13 @@ var NewDialog = function(editorUi, compact, showName, callback, createOnly, canc } else { div.innerHTML \= ''; div.innerText \= '';  
if (importListsCount \> 0) { list.style.display \= ''; div.style.left \= '160px'; list.innerHTML \= ''; list.innerText \= '';  
customCatCount \= 0; categories \= {'draw.io': docList}; @@ -3628,7 +3628,7 @@ var NewDialog = function(editorUi, compact, showName, callback, createOnly, canc }  
div.scrollTop \= 0; div.innerHTML \= ''; div.innerText \= ''; i0 \= 0; var msgDiv \= document.createElement('div'); msgDiv.style.cssText \= 'border: 1px solid #D3D3D3; padding: 6px; background: #F5F5F5;'; @@ -3704,7 +3704,7 @@ var NewDialog = function(editorUi, compact, showName, callback, createOnly, canc currentEntry.style.backgroundColor \= leftHighlight;  
div.scrollTop \= 0; div.innerHTML \= ''; div.innerText \= ''; i0 \= 0;  
templates \= customCats\[cat2\]; @@ -3749,7 +3749,7 @@ var NewDialog = function(editorUi, compact, showName, callback, createOnly, canc currentEntry.style.backgroundColor \= leftHighlight;  
div.scrollTop \= 0; div.innerHTML \= ''; div.innerText \= ''; i0 \= 0;  
templates \= subCat? subCategories\[cat\]\[subCat\] : categories\[cat\]; @@ -5955,7 +5955,7 @@ var RevisionDialog = function(editorUi, revs, restoreFn) // Gets current state of page with given ID var curr \= currentDiagrams\[diagrams\[currentPage\].getAttribute('id')\]; mxUtils.setOpacity(compareBtn, 20); errorNode.innerHTML \= ''; errorNode.innerText \= '';  
if (curr \== null) { @@ -5977,7 +5977,7 @@ var RevisionDialog = function(editorUi, revs, restoreFn) }, null, function() { mxUtils.setOpacity(compareBtn, 60); errorNode.innerHTML \= ''; errorNode.innerText \= '';  
if (container.style.display \== 'none') { @@ -6232,14 +6232,14 @@ var RevisionDialog = function(editorUi, revs, restoreFn) function updateGraph(xml) { spinner.stop(); errorNode.innerHTML \= ''; errorNode.innerText \= ''; var doc \= mxUtils.parseXml(xml); var node \= editorUi.editor.extractGraphModel(doc.documentElement, true);  
if (node != null) { pageSelect.style.display \= 'none'; pageSelect.innerHTML \= ''; pageSelect.innerText \= ''; currentDoc \= doc; currentXml \= xml; parseSelectFunction \= null; @@ -6343,7 +6343,7 @@ var RevisionDialog = function(editorUi, revs, restoreFn) shortUser \= shortUser.substring(0, 20) + '...'; }  
fileInfo.innerHTML \= ''; fileInfo.innerText \= ''; mxUtils.write(fileInfo, ((shortUser != null) ? (shortUser + ' ') : '') + ts.toLocaleDateString() + ' ' + ts.toLocaleTimeString()); @@ -6376,8 +6376,8 @@ var RevisionDialog = function(editorUi, revs, restoreFn) else { pageSelect.style.display \= 'none'; pageSelect.innerHTML \= ''; fileInfo.innerHTML \= ''; pageSelect.innerText \= ''; fileInfo.innerText \= ''; mxUtils.write(fileInfo, mxResources.get('errorLoadingFile')); mxUtils.write(errorNode, mxResources.get('errorLoadingFile')); } @@ -6403,7 +6403,7 @@ var RevisionDialog = function(editorUi, revs, restoreFn) fileInfo.removeAttribute('title'); fileInfo.innerHTML \= mxUtils.htmlEntities(mxResources.get('loading') + '...'); container.style.backgroundColor \= graph.defaultPageBackgroundColor; errorNode.innerHTML \= ''; errorNode.innerText \= ''; graph.getModel().clear();  
restoreBtn.setAttribute('disabled', 'disabled'); @@ -6444,8 +6444,8 @@ var RevisionDialog = function(editorUi, revs, restoreFn) { spinner.stop(); pageSelect.style.display \= 'none'; pageSelect.innerHTML \= ''; fileInfo.innerHTML \= ''; pageSelect.innerText \= ''; fileInfo.innerText \= ''; mxUtils.write(fileInfo, mxResources.get('errorLoadingFile')); mxUtils.write(errorNode, mxResources.get('errorLoadingFile')); }); @@ -6822,7 +6822,7 @@ var DraftDialog = function(editorUi, title, xml, editFn, discardFn, editLabel, d parseDiagram(diagrams\[currentPage\]); }  
pageSelect.innerHTML \= ''; pageSelect.innerText \= '';  
if (diagrams.length \> 1) { @@ -7043,7 +7043,7 @@ var FindWindow = function(ui, x, y, w, h, withReplace)  
function search(internalCall, trySameCell, stayOnPage) { replAllNotif.innerHTML \= ''; replAllNotif.innerText \= ''; var cells \= graph.model.getDescendants(graph.model.getRoot()); var searchStr \= searchInput.value.toLowerCase(); var re \= (regexInput.checked) ? new RegExp(searchStr) : null; @@ -7249,7 +7249,7 @@ var FindWindow = function(ui, x, y, w, h, withReplace)  
var resetBtn \= mxUtils.button(mxResources.get('reset'), function() { replAllNotif.innerHTML \= ''; replAllNotif.innerText \= ''; searchInput.value \= ''; searchInput.style.backgroundColor \= '';  
@@ -7444,7 +7444,7 @@ var FindWindow = function(ui, x, y, w, h, withReplace)  
var replaceAllBtn \= mxUtils.button(mxResources.get('replaceAll'), function() { replAllNotif.innerHTML \= ''; replAllNotif.innerText \= '';  
if (replaceInput.value) { @@ -7727,7 +7727,7 @@ var FreehandWindow = function(editorUi, x, y, w, h, withBrush)  
graph.addListener('freehandStateChanged', mxUtils.bind(this, function() { startBtn.innerHTML \= ''; startBtn.innerText \= ''; mxUtils.write(startBtn, mxResources.get(graph.freehand.isDrawing() ? 'stopDrawing' : 'startDrawing')); startBtn.setAttribute('title', mxResources.get(graph.freehand.isDrawing() ? 'stopDrawing' : 'startDrawing')); startBtn.className \= 'geBtn' + (!graph.freehand.isDrawing() ? ' gePrimaryBtn' : ''); @@ -8072,7 +8072,7 @@ var MoreShapesDialog = function(editorUi, expanded, entries) preview.style.textAlign \= 'center'; preview.style.padding \= '0px'; preview.style.color \= ''; preview.innerHTML \= ''; preview.innerText \= '';  
if (entry.desc != null) { @@ -8474,7 +8474,7 @@ var PluginsDialog = function(editorUi, addFn, delFn, closeOnly) } else { inner.innerHTML \= ''; inner.innerText \= '';  
for (var i \= 0; i < plugins.length; i++) { @@ -9580,7 +9580,7 @@ var LibraryDialog = function(editorUi, name, library, initialImages, file, mode)  
function updateLabel() { label.innerHTML \= ''; label.innerText \= ''; label.style.cursor \= 'pointer'; label.style.whiteSpace \= 'nowrap'; label.style.textOverflow \= 'ellipsis'; @@ -9636,7 +9636,7 @@ var LibraryDialog = function(editorUi, name, library, initialImages, file, mode)  
if (entry.title \== null || entry.title.length \== 0) { label.innerHTML \= ''; label.innerText \= ''; }  
label.style.textOverflow \= ''; @@ -10934,7 +10934,7 @@ var TemplatesDialog = function(editorUi, callback, cancelCallback,  
if (!internalCall) { diagramsTiles.innerHTML \= ''; diagramsTiles.innerText \= ''; swapActiveItem(); curDiagList \= diagrams; curSearchImportCats \= searchImportCats; @@ -11651,7 +11651,7 @@ var TemplatesDialog = function(editorUi, callback, cancelCallback, if (recentDocsCallback) { tempDlgContent.scrollTop \= 0; diagramsTiles.innerHTML \= ''; diagramsTiles.innerText \= ''; spinner.spin(diagramsTiles); cancelPendingCall \= false; callInitiated \= true; @@ -11796,7 +11796,7 @@ var TemplatesDialog = function(editorUi, callback, cancelCallback,  
deselectTempCat(); tempDlgContent.scrollTop \= 0; diagramsTiles.innerHTML \= ''; diagramsTiles.innerText \= ''; diagramsListTitle.innerHTML \= mxUtils.htmlEntities(mxResources.get('searchResults')) + ' "' + mxUtils.htmlEntities(searchStr) + '"'; delayTimer \= null; @@ -12499,7 +12499,7 @@ AspectDialog.prototype.createPageItem = function(pageId, pageName, pageNode) this.selectedItem \= $listItem; this.selectedPage \= pageId; $listItem.className += ' geAspectDlgListItemSelected'; this.layersContainer.innerHTML \= ''; this.layersContainer.innerText \= ''; this.selectedLayers \= {}; this.okBtn.setAttribute('disabled', 'disabled');

CVE-2022-2015: 19.0.2 release · jgraph/drawio@3d3f819

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1.

@@ -0,0 +1,73 @@ <?php /\*\* \* This file is part of FacturaScripts \* Copyright (C) 2022 Carlos Garcia Gomez <carlos@facturascripts.com> \* \* This program is free software: you can redistribute it and/or modify \* it under the terms of the GNU Lesser General Public License as \* published by the Free Software Foundation, either version 3 of the \* License, or (at your option) any later version. \* \* This program is distributed in the hope that it will be useful, \* but WITHOUT ANY WARRANTY; without even the implied warranty of \* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \* GNU Lesser General Public License for more details. \* \* You should have received a copy of the GNU Lesser General Public License \* along with this program. If not, see <http://www.gnu.org/licenses/>. \*/  
namespace FacturaScripts\\Test\\Core\\Model;  
use FacturaScripts\\Core\\Model\\Balance; use PHPUnit\\Framework\\TestCase;  
final class BalanceTest extends TestCase { public function testCreate() { // creamos un balance $balance = new Balance(); $balance\->codbalance = 'test'; $balance\->descripcion1 = 'test'; $balance\->naturaleza = 'A'; $this\->assertTrue($balance\->save(), 'cant-save-balance');  
// eliminamos $this\->assertTrue($balance\->delete(), 'cant-delete-balance'); }  
public function testCantCreateEmpty() { $balance = new Balance(); $this\->assertFalse($balance\->save(), 'cant-save-balance'); }  
public function testHtmlOnFields() { $balance = new Balance(); $balance\->codbalance = '<test>'; $balance\->descripcion1 = '<test>'; $balance\->descripcion2 = '<test>'; $balance\->descripcion3 = '<test>'; $balance\->descripcion4 = '<test>'; $balance\->descripcion4ba = '<test>'; $balance\->naturaleza = '<test>'; $this\->assertFalse($balance\->save(), 'cant-save-balance-with-html');  
// cambiamos el codigo a un codigo válido $balance\->codbalance = 'test'; $this\->assertTrue($balance\->save(), 'cant-save-balance-2');  
// comprobamos que el html se ha escapado $this\->assertEquals('&lt;test&gt;', $balance\->descripcion1); $this\->assertEquals('&lt;test&gt;', $balance\->descripcion2); $this\->assertEquals('&lt;test&gt;', $balance\->descripcion3); $this\->assertEquals('&lt;test&gt;', $balance\->descripcion4); $this\->assertEquals('&lt;test&gt;', $balance\->descripcion4ba); $this\->assertEquals('&lt;test&gt;', $balance\->naturaleza);  
// eliminamos $this\->assertTrue($balance\->delete(), 'cant-delete-balance'); } }

CVE-2022-2016: Escaped the html of the balance fields before any other tests. Also a… · NeoRazorX/facturascripts@7b4ddb9

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

**Prison Management System - system\_info 'name' Stored Cross-Site Scripting(XSS)****Exploit Title: Prison Management System - system\_info 'name' Stored Cross-Site Scripting(XSS)****Exploit Author: webraybtl@webray.com.cn inc****Vendor Homepage: https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html****Software Link:https://www.sourcecodester.com/download-code?nid=15368&title=Prison+Management+System+in+PHP%2FOOP+Free+Source+Code****Version: Prison Management System 1.0****Tested on: Windows Server 2008 R2 Enterprise, Apache ,Mysql****Description**

Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but vulnerable, website or web application.Prison Management System does not filter the content correctly at the "name" parameter, resulting in the generation of stored XSS.

**Payload used:**

<img src="" onerror="alert(111111111)">

**Proof of Concept**

1.  Login the CMS. Admin Default Access: username: admin Password: admin123
    
2.  Open Page http://192.168.67.5/pms/admin/?page=system\_info
    
3.  Put XSS payload in the content box and click on Update to publish the page ;
    
4.  We can see the alert.;

CVE-2022-2020: vul/Prison Management System(XSS).md at main · ch0ing/vul

A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser.

_All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability._

_Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order._

_For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page._

_If you have questions or corrections about this advisory, please email \[email protected\]_

Tenable Advisory ID

TRA-2022-21

CVSSv3 Base / Temporal Score

CVSSv3 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

SCORM Engine 21.1.x < 21.1.7.219

SCORM Engine < 20.1.45.914

****FREE FOR 30 DAYS****

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

 BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Nessus Professional Free**

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

**Buy Nessus Professional**

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable.io

BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

65 assets

Choose Your Subscription Option:

**Thank You**

Thank you for your interest in Tenable.io. A representative will be in touch soon.

**Try Tenable.io Web Application Scanning**

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

**Buy Tenable.io Web Application Scanning**

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

**Try Tenable.io Container Security**

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

**Buy Tenable.io Container Security**

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

**Thank You**

Thank you for your interest in the Tenable.io Container Security program. A representative will be in touch soon.

**Try Tenable Lumin**

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

**Buy Tenable Lumin**

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

**Thank You**

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

**Request a demo of Tenable.sc**

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

_\* Field is required_

**Request a demo of Tenable.ot**

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

**Thank You**

Thank you for your interest in Tenable.ot. A representative will be in touch soon.

**Request a demo of Tenable.ad**

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

**Try Tenable.cs**

FREE FOR 30 DAYS Enjoy full access to detect and fix cloud infrastructure misconfigurations in the design, build and runtime phases of your software development lifecycle.

**Buy Tenable.cs**

Contact a Sales Representative to learn more about Cloud Security and how you can secure every step from code to cloud.

**Thank You**

Thank you for your interest in Tenable.cs. A representative will be in touch soon.

**See Tenable.ep In Action**

Know the exposure of every asset on any platform.

CVE-2022-2035: XSS in Rustici Software SCORM Engine

Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2021-40610: emlog pro v 1.0.4 management XSS Vulnerability · Issue #1 · blackQvQ/emlog

Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.

Tag

#xss