Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.

Vulnerability name：Reflective XSS

Vulnerability level：Medium risk

Affected version：v2021.1000.1081<=v2022.1000.3029

Vulnerability location：Many places，Here are some places I found  
1、url：http://127.0.0.1/maccms10/admin.php/admin/art/data.html?select=&input=&type=&status=&level=&lock=&pic=&order=&wd= Affected parameters：select & input  
2、url：http://127.0.0.1maccms10/admin.php/admin/website/data.html?select=&input=&type=&status=&level=&lock=&pic=&order=&wd= Affected parameters：select & input  
3、url：http://127.0.0.1maccms10/admin.php/admin/plog/index.html?type=&wd= Affected parameters：wd  
4、url：http://127.0.0.1maccms10/admin.php/admin/ulog/index.html?mid=&type=&wd= Affected parameters：wd  
5、url：http://127.0.0.1maccms10/admin.php/admin/vod/data.html?repeat= Affected parameters：repeat

Verification process：  
Get administrator cookies through reflective XSS：  
First, the user logs in to the background  
![image](https://user-images.githubusercontent.com/59214809/156299814-e0f84147-53a1-4ed0-96a9-2b1dfa2fe833.png)  
Then we make a payad that can get cookies by using the vulnerable URL，Send it to the victim or make it run by other means.  
For example, here I choose this URL：\[http://127.0.0.1/maccms10/admin123.php/admin/vod/data.html?repeat=%22%3E%3CScRiPt%3Ealert(document.cookie)%3C/ScRiPt%3E\]  
After the victim clicks, the cookie pops up successfully. Here, the XSS platform can also be used to accept the cookie.  
![image](https://user-images.githubusercontent.com/59214809/156300247-fccf0c41-bec5-4f3b-b981-95922bdcb97f.png)  
Other URLs are the same：  
![image](https://user-images.githubusercontent.com/59214809/156300313-f204f505-c000-4d34-80d6-08a03135e951.png)  
![image](https://user-images.githubusercontent.com/59214809/156300373-05372764-6b7c-4912-a22c-56850ebf49f5.png)

Repair method：  
【1】HTML escape the input data so that it is not recognized as an executable script  
【2】Filter the data according to the tags and attributes of the whitelist to clear the executable script (such as script tag, oneror attribute of img tag, etc.)

CVE-2022-27887: There are multiple reflective XSS vulnerabilities in the website · Issue #840 · magicblack/maccms10

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].

**simple-event-planner**

**Software**

**Simple Event Planner**

**Vulnerable Versions**

**<= 1.5.4**

**Fixed in version**

**1.5.5**

**CVE**

**CVE-2022-25612**

**References**

**Credits**

**Classification**

**Cross Site Scripting (XSS)**

**OWASP Top 10**

**A7: Cross-Site Scripting (XSS)**

**Disclosure Date**

**2022-03-23**

**CVSS 3.0 score**

**Requires author or higher role user authentication.**

**Are your websites subject to this vulnerability?**

**Details**

**Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities discovered by Ex.Mi (Patchstack) in WordPress Simple Event Planner plugin (versions <= 1.5.4).**

**Solution**

**Update the WordPress Simple Event Planner plugin to the latest available version (at least 1.5.5).**

**Found a vulnerability that puts your sites at risk?**

**Found a vulnerability? Help us secure the web and join our community of ethical hackers.**

**Are you the developer of this software? Hire our researchers for a thorough security audit.**

CVE-2022-25612: WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities - Patchstack

Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].

**simple-event-planner**

**Software**

**Simple Event Planner**

**Vulnerable Versions**

**<= 1.5.4**

**Fixed in version**

**1.5.5**

**CVE**

**CVE-2022-25611**

**References**

**Credits**

**Classification**

**Cross Site Scripting (XSS)**

**OWASP Top 10**

**A7: Cross-Site Scripting (XSS)**

**Disclosure Date**

**2022-03-23**

**CVSS 3.0 score**

**Requires contributor or higher role user authentication.**

**Are your websites subject to this vulnerability?**

**Details**

**Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Simple Event Planner plugin (versions <= 1.5.4).**

**Solution**

**Update the WordPress Simple Event Planner plugin to the latest available version (at least 1.5.5).**

**Found a vulnerability that puts your sites at risk?**

**Found a vulnerability? Help us secure the web and join our community of ethical hackers.**

**Are you the developer of this software? Hire our researchers for a thorough security audit.**

CVE-2022-25611: WordPress Simple Event Planner plugin <= 1.5.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat <= 20220115 allows an attacker to store the malicious code. However, the attack requires specific conditions, making it hard to exploit.

CVE-2022-25610: Simple Ajax Chat

A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field.

**Storage xss exists in all three column modules of column management in CLASSCMS v2.5.**

payload: <script>alert(1)</script>

Click manage-> Click column Management-> Select the third column of articles and then click manage.

![image](https://user-images.githubusercontent.com/54017627/154788144-bab68160-f3c8-4d02-a3a5-7f2b95295b60.png)

Click to add

![image](https://user-images.githubusercontent.com/54017627/154788747-e89d0f02-3dde-4d0f-8e33-daead96c0e56.png)

Enter our payload and click add

![image](https://user-images.githubusercontent.com/54017627/154788930-24022d4c-8fec-412b-be52-261c605bd32d.png)

Click the editor again

![image](https://user-images.githubusercontent.com/54017627/154789062-48c18538-e737-4b01-a50c-a11bcb710c77.png)

Click again to save

![image](https://user-images.githubusercontent.com/54017627/154789127-b30857e9-a51b-4760-b1b1-7d7ad9d0efa4.png)

Just visit the home page and find that payload has been executed

![image](https://user-images.githubusercontent.com/54017627/154789142-8c893b35-b344-4cc4-8811-a770af2290ba.png)

If you enter the title `1.` of this article, you will also execute payload.

When we enter the title `1.`, we will also execute payload, and we will find that after the title we entered is'1. < script > alert (1) < / script >', the title of the article on the home page becomes' 1.', which means that the following js code has been executed.

![image](https://user-images.githubusercontent.com/54017627/154789149-ef0f5bac-6485-414a-8fca-c8314b15450e.png)

![image](https://user-images.githubusercontent.com/54017627/154789310-fd81c360-0c71-4423-8fa2-3717a008a49b.png)

CVE-2022-25582: Vulscve/classcms2.5-xss.md at master · k0xx11/Vulscve

Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.

CVE-2022-26263: 用友（yonyou）

A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-25574: douphp · Issue #1 · aqianhei/aqian

phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.

**Nossos números:**

**3,5MM+**Anomalias reportadas  
aos clientes em 2020**450+**Pessoas em Recife, São  
Paulo, Rio e Londres**500+**Clientes no Brasil, UK,  
LATAM e Europa**21+**Anos de experiência  

**Principais Serviços**

 

**Security Consulting**

Projetos de avaliações, testes e diagnósticos de resiliência e cibersegurança.

Saiba Mais

 

**Security Integration**

Desenhamos, instalamos e configuramos as soluções de segurança próprias e de parceiros, respeitando o fluxo do seu negócio.

Saiba Mais

 

**Managed Security Services**

Temos inteligência, tecnologias e profissionais altamente qualificados para apoiar sua empresa com projetos contínuos.

Saiba Mais

 

**Digital Identity**

O AllowMe agrega proteção e confiança à relação digital entre empresas e seus clientes.

Saiba Mais

**Trabalhamos com importantes parceiros de negócios para oferecer as melhores ferramentas em cibersegurança.**

Nosso portfólio de ponta a ponta inclui as soluções tecnológicas mais inovadoras do mercado desenvolvidas pelos maiores fabricantes internacionais.

Saiba mais

Assine nossa newsletter

Cadastre-se para receber novidades

CVE-2021-46426: Home - Tempest - Líder em Segurança Digital no Brasil!

**Nossos números:**

**3,5MM+**Anomalias reportadas  
aos clientes em 2020**450+**Pessoas em Recife, São  
Paulo, Rio e Londres**500+**Clientes no Brasil, UK,  
LATAM e Europa**21+**Anos de experiência  

**Principais Serviços**

 ![](https://www.tempest.com.br/wp-content/uploads/2021/03/Icons_verde-13.png) ![](https://www.tempest.com.br/wp-content/uploads/2021/01/Imagem7.png)

**Security Consulting**

Projetos de avaliações, testes e diagnósticos de resiliência e cibersegurança.

Saiba Mais

 ![](https://www.tempest.com.br/wp-content/uploads/2021/03/Icons_verde-07.png) ![](https://www.tempest.com.br/wp-content/uploads/2021/01/usecase-buider.png)

**Security Integration**

Desenhamos, instalamos e configuramos as soluções de segurança próprias e de parceiros, respeitando o fluxo do seu negócio.

Saiba Mais

 ![](https://www.tempest.com.br/wp-content/uploads/2021/03/Icons_verde-09.png) ![](https://www.tempest.com.br/wp-content/uploads/2021/01/Imagem12.png)

**Managed Security Services**

Temos inteligência, tecnologias e profissionais altamente qualificados para apoiar sua empresa com projetos contínuos.

Saiba Mais

 ![](https://www.tempest.com.br/wp-content/uploads/2021/03/Icons_verde-08.png) ![](https://www.tempest.com.br/wp-content/uploads/2021/01/Imagem4.png)

**Digital Identity**

O AllowMe agrega proteção e confiança à relação digital entre empresas e seus clientes.

Saiba Mais

**Trabalhamos com importantes parceiros de negócios para oferecer as melhores ferramentas em cibersegurança.**

Nosso portfólio de ponta a ponta inclui as soluções tecnológicas mais inovadoras do mercado desenvolvidas pelos maiores fabricantes internacionais.

Saiba mais

Assine nossa newsletter

Cadastre-se para receber novidades

Tag

#xss