Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier includes password parameters from the original build in replayed builds, allowing attackers with Run/Replay permission to obtain the values of password parameters passed to previous builds of a Pipeline.

CVE-2022-25180: Jenkins Security Advisory 2022-02-15

Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.

CVE-2021-46253 XSS v.0.12.7 store in archor cms 5.4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46253 https://nvd.nist.gov/vuln/detail/CVE-2021-46253 CVE-2021-46458 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add\_post. This vulnerability can be exploited through a crafted POST request via the post\_title parameter. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46458 https://nvd.nist.gov/vuln/detail/CVE-2021-46458 CVE-2021-46459 Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add\_user. These vulnerabilities can be exploited through a crafted POST request via the user\_name, user\_firstname,user\_lastname, or user\_email parameters. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46459 https://nvd.nist.gov/vuln/detail/CVE-2021-46459 CVE-2021-46253 Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24226 https://nvd.nist.gov/vuln/detail/CVE-2022-24226 CVE-2022-24227 A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. 6.1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24227 CVE-2022-24585 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24585 https://nvd.nist.gov/vuln/detail/CVE-2022-24585 CVE-2022-24586 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24586 https://nvd.nist.gov/vuln/detail/CVE-2022-24586 CVE-2022-24587 A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24587 https://nvd.nist.gov/vuln/detail/CVE-2022-24587 CVE-2022-24588 Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24588 https://nvd.nist.gov/vuln/detail/CVE-2022-24588 CVE-2022-24589 Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24589 https://nvd.nist.gov/vuln/detail/CVE-2022-24589 CVE-2022-24590 A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24590 https://nvd.nist.gov/vuln/detail/CVE-2022-24590

CVE-2022-24588: GitHub - Nguyen-Trung-Kien/CVE: CVE Update

A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.

Permalink

main

Switch branches/tags

**CVE/CVE-2022-24590/**CVE-2022-24590.pdf****

Go to file

*   Go to file

*   Copy path
*   Copy permalink

![@Nguyen-Trung-Kien](https://avatars.githubusercontent.com/u/65381453?s=48&v=4)

Nguyen-Trung-Kien Add files via upload

Latest commit 3c5e3be Feb 12, 2022

**History**

**1** contributor

**Users who have contributed to this file**

338 KB

Download

*   Open with Desktop
*   Download

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

CVE-2022-24590: CVE/CVE-2022-24590.pdf at main · Nguyen-Trung-Kien/CVE

A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2022-24227: CVE/CVE-2022-24227/CVE-2022-24227.pdf at main · Nguyen-Trung-Kien/CVE

A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.

Permalink

main

Switch branches/tags

**CVE/CVE-2022-24227/**CVE-2022-24227.pdf****

Go to file

*   Go to file

*   Copy path
*   Copy permalink

![@Nguyen-Trung-Kien](https://avatars.githubusercontent.com/u/65381453?s=48&v=4)

Nguyen-Trung-Kien Add files via upload

Latest commit 4b20c42 Feb 12, 2022

**History**

**1** contributor

**Users who have contributed to this file**

225 KB

Download

*   Open with Desktop
*   Download

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

CVE-2022-24227: CVE/CVE-2022-24227.pdf at main · Nguyen-Trung-Kien/CVE

A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.

**Latest commit**

**Files**Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

CVE-2022-24586: GitHub - Nguyen-Trung-Kien/CVE: CVE Update

Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs.

**Latest commit**

![@Zeyad-Azima](https://avatars.githubusercontent.com/u/62406753?s=48&v=4)

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

**Vicidial-stored-XSS (CVE-2021-46557)**

Vicidial is vulnerable to stored cross-site-scripting through the script tab inputs

**Reproduce**

*   go to the vicidial and login
*   then go to /admin.php?ADD=1111111
*   in the script tab add the following javascript: "<scr<script>alert(1)</script>ipt>alert<script>alert(1)</script>(1)</scr<script>alert(1)</script>ipt>"
*   now click save, we were able to bypass the filter then view script
*   As you can see the code executed

**PoC**

![](https://github.com/Zeyad-Azima/Vicidial-stored-XSS/raw/main/Screenshot%202022-01-23%20090638.png)

CVE-2021-46557: GitHub - Zeyad-Azima/Vicidial-stored-XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.

main

Switch branches/tags

**1** branch **0** tags

Code

**Latest commit**

![@Zeyad-Azima](https://avatars.githubusercontent.com/u/62406753?s=48&v=4)

Zeyad-Azima Update README.md

31874b5

Feb 14, 2022

Update README.md

`31874b5`

**Git stats**

*   **5** commits

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

README.md

Update README.md

Feb 14, 2022

issabel\_poc.png

Add files via upload

Jan 23, 2022

Issabel-stored-XSS(CVE-2021-46558.) Reproduce PoC

**README.md**

**Issabel-stored-XSS(CVE-2021-46558.)**

Issabel PBX 20200102 is vulnerable to stored cross-site-scripting through add new user function

**Reproduce**

*   first go to add new user and add it as the following '"><script>alert(1)</script>
*   put it in the username and password & description
*   now login with the user using the payload
*   you will be able to see that our code have been executed

**PoC**

![](https://github.com/Zeyad-Azima/Issabel-stored-XSS/raw/main/issabel_poc.png)

**About**

No description, website, or topics provided.

**Resources**

Readme

**Stars**

**0** stars

**Watchers**

**1** watching

**Forks**

**0** forks

**Releases**

No releases published

**Packages**

No packages published

CVE-2021-46558: GitHub - Zeyad-Azima/Issabel-stored-XSS

Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.

Permalink

Browse files

*   Loading branch information

![@PipoCanaja](https://avatars.githubusercontent.com/u/38363551?s=40&v=4)

1 parent 41ddce6 commit 4c9d4eefd8064a0285f9718ef38f5617d7f9d6fa

Showing with **5 additions** and **5 deletions**.

1.  +1 −1 includes/html/forms/add-dashboard.inc.php
2.  +3 −3 includes/html/forms/customoid.inc.php
3.  +1 −1 includes/html/forms/transport-groups.inc.php

@@ -34,7 +34,7 @@

$status = 'error';

$message = 'unknown error';

  

$dashboard\_name = trim($\_REQUEST\['dashboard\_name'\]);

$dashboard\_name = trim(strip\_tags($\_REQUEST\['dashboard\_name'\]));

  

if (! empty($dashboard\_name) && ($dash\_id = dbInsert(\['dashboard\_name' => $dashboard\_name, 'user\_id' => Auth::id()\], 'dashboards'))) {

$status = 'ok';

@@ -17,9 +17,9 @@

$device\_id = $\_POST\['device\_id'\];

$id = $\_POST\['ccustomoid\_id'\];

$action = $\_POST\['action'\];

$name = $\_POST\['name'\];

$oid = $\_POST\['oid'\];

$datatype = $\_POST\['datatype'\];

$name = strip\_tags($\_POST\['name'\]);

$oid = strip\_tags($\_POST\['oid'\]);

$datatype = strip\_tags($\_POST\['datatype'\]);

if (empty(($\_POST\['unit'\]))) {

$unit = \['NULL'\];

} else {

@@ -35,7 +35,7 @@

$message = '';

  

$group\_id = $vars\['group\_id'\];

$name = $vars\['name'\];

$name = strip\_tags($vars\['name'\]);

  

$target\_members = \[\];

foreach ((array) $vars\['members'\] as $target) {

**0 comments on commit `4c9d4ee`**

Please sign in to comment.

CVE-2022-0589: XSS fixes (#13780) · librenms/librenms@4c9d4ee

Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions.

**Identity Cloud customers**

This security advisory **does not** apply to the ForgeRock Identity Cloud. This security advisory **only** applies to software deployments of the ForgeRock Identity Platform. 

**December 7, 2021**

Security vulnerabilities have been discovered in supported versions of AM. These vulnerabilities affect versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x, 6.5.3, 7.0.x and 7.1.0 and could be present in older unsupported versions.

The maximum severity of issues in this advisory is **Critical**.

The advice is to upgrade or apply a patch to mitigate these issues. In some cases, a workaround is given, which may be suitable, but an upgrade to the latest version is the recommended approach.

Details about these vulnerabilities are deliberately kept to a minimum to protect your deployments and prevent someone trying to exploit them in the field. Please do not ask for steps to reproduce for the same reasons.

In accordance with ForgeRock’s Maintenance and Patch availability policy, patches are available from BackStage for the following versions:

*   AM 7.1.1 - AM 7.1.1 is a patch release; this patch release should  be used to secure AM 7.1.0
*   AM 7.0.2
*   AM 6.5.3
*   AM 6.5.2.3
*   AM 6.5.1
*   AM 6.5.0.2
*   AM 6.0.0.7
*   AM 5.5.2 \*

\* ForgeRock are providing a patch for AM 5.5.2 even though this is outside the scope of the Maintenance and Patch availability policy; please note that this action does not constitute a change to said policy.

See How do I install an AM patch (All versions) supplied by ForgeRock support? for further information on deploying the patch. If you have existing patches, please raise a ticket to obtain an updated patch.

**Issue #202110-01: Broken Access Control**

Affected versions 

AM 5.5.2, 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x, 6.5.3, 7.0.x and 7.1.0

Fixed versions

AM 6.5.4, AM 7.1.1

Component

Core Server

Severity

Critical

**Description:**

It may be possible to bypass some authentication controls and gain access to other users' session tokens.

**Workaround:**

Block or restrict access to the PLL servlet endpoints:

*   /authservice
*   /sessionservice
*   /profileservice
*   /policyservice
*   /namingservice
*   /loggingservice

These are legacy endpoints, that are potentially used by ssoadm, Agents prior to version 5 and the OpenAM Java SDK (removed in AM 5.5.0). Additionally, in pre-AM 6 versions, these endpoints may be used for AM crosstalk. If you know these components are being used, then restrict the endpoint access to a trusted network, otherwise they can be blocked completely. More information on how to block these endpoints is found in the following KB article: Best practice for blocking the top level realm in a proxy for AM (All versions)

**Resolution:**

Upgrade to a fixed version or deploy the relevant patch. The fix for AM 7.1 is provided in the AM 7.1.1 patch release.

**Issue #202110-02: Cross Site Scripting (XSS)**

Affected versions

AM 5.5.2, 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x, 6.5.3, 7.0.x and 7.1.0

Fixed versions

AM 6.5.4, AM 7.1.1

Component

Core Server

Severity

High

**Description:**

AM is vulnerable to cross-site scripting (XSS) attacks via the oauth2/authorize endpoint, which could lead to session hijacking or phishing.

**Workaround:**

The oauth2/authorize endpoint is used in some OAuth2/OIDC flows and by AM Agents 5 and above. You can protect the oauth2/authorize endpoint with the container (for example, using the mod\_security Apache module) or filter external requests if the endpoint is not used, or until a patch is deployed.

**Resolution:**

Upgrade to a fixed version or deploy the relevant patch. The fix for AM 7.1 is provided in the AM 7.1.1 patch release.

The security advisory patch contains both a binary fix (which fixes known instances of the 202110-02 XSS issue) and a XUI fix (which includes additional hardening to help prevent any further XSS issues on this endpoint within the XUI).

If you have customized the XUI, you should apply the binary fix in the first instance (by removing the XUI directory from the patch before deploying it) and then you can apply the XUI fix to your XUI customizations by following the instructions in the README included in the advisory.

**Acknowledgements**

Maxime Escourbiac (https://cert.michelin.com/)

Maxence Schmitt (https://cert.michelin.com/)

**Change Log**

The following table tracks changes to the security advisory:

Date 

Description

December 8, 2021

Added clarification to Issue #202110-02 about XUI customizations

December 7, 2021

Initial release

Tag

#xss