Online Examination System version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Online Examination System - Cross site scripting Reflected# Google Dork: N/A# Date: 2022-9-29# Exploit Author: yousef alraddadi - https://twitter.com/y0usef_11# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/# Software Link: https://github.com/projectworlds32/online-examination-systen-in-php/archive/master.zip# Tested on: windows 11 - XAMPP# CVE : N/A# Version: 1.0Vulnerability Details======================Steps :vulnerable code in file index.php157 <?php if(@$_GET['q7'])158 { echo'<p style="color:red;font-size:15px;">'.@$_GET['q7'];}?>http://localhost/examination/index.php?q7=%22%3E%3Cscript%3Ealert(%22yousef%22);%3C/script%3Einject payload parameter q7

Online Examination System 1.0 Cross Site Scripting

FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.

There is a stored XSS vulnerability in the background of FeehiCMS.

First register a user for testing, then go to Content -> Single Page, upload any picture in the comment box.  

Then send a comment, capture the odd packet while sending the Forward, change the value of SRC under the

tag in the packet to: 'x' \[onerror='alert(1)', and send the message.  

Refresh the page, and pop-up windows will appear on the current page and the home page.

CVE-2022-40408: There are some XSS vulnerabilities in FeehiCMS-2.1.1 · Issue #3 · liufee/feehicms

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.

CVE-2022-40407: Security issues - Chamilo LMS

Bugs in Canon Medical's Virea View could allow cyberattackers to access several sources of sensitive patient data.

Canon Medical's Vitrea View is a widely used tool for securely sharing medical images between radiologists, physicians, and other healthcare providers on a patient care team. Two newly discovered vulnerabilities (collectively tracked as CVE-2022-37461) could allow threat actors to access much more than X-rays.   

One flaw is an unauthenticated reflected cross-site scripting (XSS) in an error message, according to a new report from Trustwave's SpiderLabs. Jordan Hedges, the threat researcher behind the finds, said the second is a separate Reflected XSS in the Vitrea View admin panel. 

"If exploited, these vulnerabilities could be used to retrieve patient information, stored images, or scans, and modify information, depending on privileges used during the session," Hedges wrote in a Thursday analysis. "Sensitive information and credentials for various services integrated with Vitrea View could be accessed, as well."

The Vitrea View meets international Digital Imaging and Communications in Medicine (DICOM) standards, the report notes, and thus integrates with many other things.

“Vitrea View is used to centralize potentially multiple sources and solutions for medical imaging, including X-Rays, MRIs, CRT scans, 3D imaging, etc.," Karl Sigler, senior security research manager at Trustwave SpiderLabs, tells Dark Reading. 

He added, "The images are also associated with a patient’s records, so these vulnerabilities means that there could potentially be a wealth of information that might be exfiltrated (damaging a patient’s confidentiality) or modified (swapping a patient’s medical images with another, deleting records, or potentially modifying patient information directly).”

The XSS medical imaging vulnerabilities were submitted to Canon Medial and a patch has been released. Hedges recommends organizations running the tool apply it immediately.

XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data

Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3.

CVE-2022-3355

Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page

**Description**

Ticket management filter in Trudesk v1.2.0 allow user to perform XSS due to improper validation on filter attribute such as "status", "ticket type", "assignee" and etc.

**Proof of Concept**

1.  Login to Trudesk with role user privilege
2.  Tickets -> Filter ticket
3.  Filter for ticket status (poc on attribute status)
4.  Insert payload in the filter result

**Endpoint**

1.  http://{IP}/tickets/filter/

**Payload used**

1.  "><img src=a onerror=alert(document.domain)>

**Screenshot POC**

1.  ticket filter
2.  xss domain
3.  xss cookie

**Impact**

This vulnerability is capable of executing a malicious javascript code in web page

**Occurrences**

CVE-2022-1719: Reflected XSS on ticket filter function in trudesk

glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application's response.

**glfusion: XSS-Reflected vulnerability****CVE-2021-45843****Vendor****Description:**

glFusion CMS v1.7.9 is affected by XSS-Reflected vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eklaq" accesskey=x onclick=alert(1)//pjq5jrwco4o was submitted in the title parameter. This input was echoed unmodified in the application's response. An example attack: A simple lure is sent by an attacker for the victim on email, to visit a vulnerable website, using their website for this lure.

**Proof end explot:**

CVE-2021-45843: CVE-nu11secur1ty/vendors/glfusion/XSS-Reflected at main · nu11secur1ty/CVE-nu11secur1ty

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.

CVE-2020-15330: Multiple vulnerabilities found in Zyxel CNM SecuManager

An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback.

Author Affiliation

WMF Product

*   Task Graph
*   Mentions

**Event Timeline**

Restricted Application added a subscriber: Aklapper.

Urbanecm\_WMF renamed this task from Mentor dashboard mentee overview: Permanent XSS exploitable by wiki admins to Mentor dashboard: Permanent XSS exploitable by wiki admins.

Urbanecm\_WMF renamed this task from Mentor dashboard: Permanent XSS exploitable by wiki admins to Mentor dashboard: Permanent XSS exploitable by wiki admins (server-side part).

Urbanecm\_WMF changed Author Affiliation from N/A to WMF Product.

Mstyles renamed this task from Mentor dashboard: Permanent XSS exploitable by wiki admins (server-side part) to Mentor dashboard: Permanent XSS exploitable by wiki admins (server-side part) (CVE-2021-42047).

CVE-2021-42047: Permanent XSS exploitable by wiki admins (server-side part) (CVE-2021-42047)

IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Tag

#xss