A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.This vulnerability arrises from the "msg" parameter which is inserted into the document with insufficient sanitization.

Permalink

**0** contributors

**Users who have contributed to this file**

\-- ### Credit

\-- 2022-Jul-07

\--

\-- Discovered by Claudio Bozzato of Cisco Talos.

\--

\-- TALOS-2022-1534

\--

\-- Now the userUpdate.json.php requires a request from the same domain as the AVideo site

\-- in addition all save and delete database calls require the same by default (a whitelist can be built hardcoding it in the objects/Object.php file)

\--

\-- TALOS-2022-1535

\--

\-- Session ID will only change if you are not logged in

\-- In case the session ID changes we will regenerate it with a new name avoiding reusing it

\--

\-- TALOS-2022-1536

\--

\-- plugin/Live/view/Live\_schedule/add.json.php and objects/playlistAddNew.json.php will deny updating if the users\_id is not = as the original record when it is editing

\--

\-- TALOS-2022-1537

\--

\-- Add a sanitize rule on the security file

\--

\--

\-- TALOS-2022-1539

\--

\-- Add a sanitize rule on the view/img/image403.php file itself

\--

\-- TALOS-2022-1540

\--

\-- Video title and the filename will always be sanitized on the setTitle method (sometimes more than once)

\--

\--

\-- TALOS-2022-1542

\--

\-- httponly set to true

\-- we are now using the passhash instead of the database pass in all site

\-- the passhash is totally different than the original DB password, it is an encrypted JSON and has an expiration time, and also will be automatically rejected if the original password is updated

\-- the login with the pass hash (database password field) directly will be disabled soon, for now, it is only enabled to buy some time to update the other third parties apps

\--

\-- TALOS-2022-1545

\--

\-- Fixed on TALOS-2022-1542

\--

\-- TALOS-2022-1546

\--

\-- Filename is now sanitized with escapeshellarg(safeString($filename,true));

\--

\-- TALOS-2022-1538

\--

\-- all 4 parameters are sanitized now

\-- also if the request does not come from the same site, the showAlertMessage() function will not be executed

\--

\-- TALOS-2022-1547

\--

\-- Now every time the admin login we will check if the new videos/.htaccess is there, and create it if it is not

\-- <IfModule !authz\_core\_module>

\-- Order Allow,Deny

\-- Deny from all

\-- </IfModule>

\-- <IfModule authz\_core\_module>

\-- Require all denied

\-- </IfModule>

\-- <filesMatch "\\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|ts|txt|mp4|mp3|m3u8|webp|key|css|tff|woff|woff2)$">

\-- <IfModule !authz\_core\_module>

\-- Order Allow,Deny

\-- Allow from all

\-- </IfModule>

\-- <IfModule authz\_core\_module>

\-- Require all granted

\-- </IfModule>

\-- </filesMatch>

\--

\-- this will only allow access to only some specific file types inside the videos folder

\--

\-- TALOS-2022-1548

\--

\-- we now verify if is a valid URL properly, also we are using the escapeshellarg for URL and destination filename

\--

\-- TALOS-2022-1549

\--

\-- We now only download the downloadURL\_image if it is a valid URL NOT local files anymore

\--

\-- TALOS-2022-1551

\--

\-- All our classes were updated using the prepared statement to avoid SQL injection

\-- also \`videoDownloadedLink\` and \`duration\` are now sanitized

\-- if you are editing anything we now "forbidIfItIsNotMyUsersId"

\-- key and URL are now sanitized Clone plugin

\--

\-- TALOS-2022-1550

\--

\-- the url\_get\_contents now only download files from valid URLs or files from inside the cache folder

UPDATE configurations SET version \= '12.0', modified \= now() WHERE id \= 1;

CVE-2022-32772: AVideo/updateDb.v12.0.sql at e04b1cd7062e16564157a82bae389eedd39fa088 · WWBN/AVideo

Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users.

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

CVE-2022-28598: CVE-2022-28598/ERPNext - 12.29.0.pdf at main · patrickdeanramos/CVE-2022-28598

Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress

 Verified

 Fixed

**6.1**

CVSS 3.1 score Medium severity

Monitoring Coming soon

PSID 

36ad25333709

Classification 

Cross Site Scripting (XSS)

OWASP Top 10 

A7: Cross-Site Scripting (XSS)

Publicly disclosed

2022-08-10

**Details**

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Vlad Vector (Patchstack) in WordPress SP Project & Document Manager plugin (versions <= 4.59).

**Solution**

Update the WordPress SP Project & Document Manager plugin to the latest available version (at least 4.62).

**References**

CVE-2022-34857: WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to a XSS attack. The highest threat from this vulnerability is to data confidentiality.

**Red Hat Product Security Center**

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

CVE-2021-3442: Red Hat Customer Portal - Access to 24x7 support and knowledge

Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress.

 Verified

 Fixed

**4.8**

CVSS 3.1 score Medium severity

Monitoring Coming soon

PSID 

c4562a76af28

Classification 

Cross Site Scripting (XSS)

OWASP Top 10 

A7: Cross-Site Scripting (XSS)

Required privilege 

Requires editor or higher role user authentication.

Publicly disclosed

2021-11-07

**Details**

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Testimonial Builder plugin (versions <= 1.6.1).

**Solution**

Update the WordPress Testimonial plugin to the latest available version (at least 1.6.2).

**References**

Changeset

CVE-2021-36857: WordPress Testimonial Builder plugin <= 1.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress.

CVE-2021-36847: Webba Booking: Appointment & Event Booking Calendar Plugin

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE-2022-0446

The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

CVE-2022-2407

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

CVE-2022-2383

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues

Tag

#xss