Stored XSS

Usememos has a feature to upload files and display them. By uploading a crafted SVG file, a user can perform a stored XSS attack through the image's direct link.

POC – Proof of concept

Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.

Severity
https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Reference
https://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335/
https://nvd.nist.gov/vuln/detail/CVE-2022-4690
https://github.com/usememos/memos
Stored XSS

flatpress has a file upload feature ("uploader") and displays the uploaded files from the "media manager". By uploading an SVG file, a user can perform a stored XSS attack. Copy the following code and save it as filename.svg.

POC – Proof of concept

Impact
If an attacker can execute a script in the victim's browser via the SVG file, they can compromise that user, for example by stealing their cookies.

Severity
https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-4605
https://huntr.dev/bounties/df455d44-0dec-470c-b576-8ea86ec5a367/
https://github.com/flatpressblog/flatpress
RCE – Remote Code Execution

flatpress has a file upload feature ("uploader") and displays the uploaded files from the "media manager". By uploading a malicious PHP file, a user can perform a PHP remote file inclusion attack and gain RCE.

POC – Proof of concept

Impact
Successful exploitation of PHP file inclusion may result in information disclosure or compromise of the vulnerable system. A remote attacker can read and write files or execute arbitrary code on the target system with the privileges of the web server. In this case all of these are possible.

Severity
https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:L

Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-4606
https://huntr.dev/bounties/3dab0466-c35d-4163-b3c7-a8666e2f7d95/
https://github.com/flatpressblog/flatpress
HTML Injection in Login Page

HTML injection is a vulnerability in which an attacker can inject malicious HTML content into the login web page.

POC – Proof of concept

Impact
An attacker can turn a trusted but vulnerable website against its users through HTML injection. They can create a fake web page using stored HTML injection, or escalate to XSS. After achieving XSS, threat actors can steal cookies, hijack accounts, and steal credentials and other sensitive information. Alternatively, an attacker can inject a tag such as <a href="http://evil.com">click here to get gift</a> as a phishing attack that redirects the victim to another website.

Severity
https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Reference
https://huntr.dev/bounties/7de20f21-4a9b-445d-ae2b-15ade648900b/
https://nvd.nist.gov/vuln/detail/CVE-2022-3869
https://huntr.dev/repos/froxlor/froxlor
Stored XSS and possible RCE/LFI

phpMyFAQ has a feature to restore the entire application from a backup. An attacker with admin privileges can export the configuration and re-upload the same file, bypassing all of the backend sanitization and controls.

POC – Proof of concept

Misconfiguration: if the SQL service user is granted excessive privileges, an attacker could abuse this to read and write sensitive files.

Impact
This vulnerability allows an attacker to take control of the entire database and, in some cases, to read arbitrary files or execute shell commands by writing a malicious PHP file.

Severity
https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference
https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850/
https://github.com/thorsten/phpmyfaq
https://nvd.nist.gov/vuln/detail/CVE-2022-3608
Stored XSS

OpenEMR has a feature to customize the "User Manual Link Override". Due to missing sanitization, it accepts the javascript:// scheme, which allows JavaScript code to be executed.

POC – Proof of concept

Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.

Severity
https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Reference
https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd/
https://nvd.nist.gov/vuln/detail/CVE-2022-4733
https://huntr.dev/repos/openemr/openemr
GLPI – Stored XSS

GLPI has a feature to customize the "Text in the login box". Due to missing sanitization, it accepts HTML tags such as <form>, which allows JavaScript code to be executed.

POC – Proof of concept

Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.

Severity
https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:L

Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39262
https://huntr.dev/bounties/54fc907e-6983-4c24-b249-1440aac1643c/
https://github.com/glpi-project/glpi/security/advisories/GHSA-4x48-q2wr-cpg4
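The Froxlor login-page HTML injection, the OpenEMR "User Manual Link Override" javascript: scheme and the GLPI login-box text all share one root cause: an administrator-supplied string is written into the page as markup or as a link target without being constrained to what that field is for. The following is an added example (not code from any of the reported projects) showing the two checks a fix needs: a scheme allowlist for a configurable link, applied the way a browser reads the URL (control characters and spaces removed, case folded, protocol-relative URLs refused), and plain HTML escaping for free text. DEFAULT_MANUAL_URL, the function names and the sample inputs are assumptions made for this example.

```python
import html
import re

# Assumed fallback when the administrator-supplied override is unusable
# (placeholder address, not a real project URL).
DEFAULT_MANUAL_URL = "https://docs.example/manual"
ALLOWED_SCHEMES = {"http", "https"}


def _browser_view(url: str) -> str:
    """Normalise the way a browser does before it picks a scheme: drop C0
    control characters and spaces, fold case. This is what defeats
    'JavaScript:' and 'java\\nscript:' variants of the same payload."""
    return re.sub(r"[\x00-\x20]", "", url).lower()


def safe_link_target(url: str):
    """Return the URL if it is acceptable as an href, otherwise None.
    Accepts absolute http(s) URLs and same-origin relative paths only;
    anything with another scheme (javascript:, data:, vbscript:, ...) or a
    protocol-relative form (//host, \\\\host) is refused."""
    view = _browser_view(url)
    if not view:
        return None
    if re.match(r"^[/\\]{2}", view):
        return None  # protocol-relative: would leave the application's origin
    match = re.match(r"^([a-z][a-z0-9+.-]*):", view)
    if match is None:
        return url.strip()  # no scheme at all: a relative path
    return url.strip() if match.group(1) in ALLOWED_SCHEMES else None


def render_manual_link(override_url: str) -> str:
    """Link to the user manual; falls back to the default when the override
    fails the allowlist. html.escape keeps entity-encoded tricks such as
    'javascript&#58;' from being decoded back into a colon by the browser."""
    target = safe_link_target(override_url) or DEFAULT_MANUAL_URL
    return (f'<a href="{html.escape(target, quote=True)}" '
            f'rel="noopener noreferrer">User manual</a>')


def render_login_text(text: str) -> str:
    """Administrator-supplied login box text is rendered as text, never as
    markup, so a <form> or <a> pasted into the setting shows up literally."""
    return f'<p class="login-text">{html.escape(text, quote=True)}</p>'


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["https://docs.example/manual", "/help/manual.html",
                      "javascript://%0aalert(1)", "JavaScript:alert(1)",
                      "//attacker.example/manual", "data:text/html,hi"]:
        print(repr(candidate), "->", safe_link_target(candidate))
    print(render_login_text('<form action="https://attacker.example/login">'))
```

The scheme check is deliberately conservative: a relative path that happens to start with something like `docs:` is also refused, because distinguishing that from a scheme is exactly the ambiguity the browser would resolve in the attacker's favour. If a deployment needs `mailto:` or other schemes, add them to ALLOWED_SCHEMES explicitly rather than relaxing the pattern.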
InvenTree – Stored XSS

By uploading an SVG file, a user can perform a stored XSS attack. Copy the following code and save it as filename.svg.

POC – Proof of concept

Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.

Severity
https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Reference
https://huntr.dev/bounties/4b7fb92c-f06b-4bbf-82dc-9f013b30b6a6/
https://github.com/inventree/inventree
https://nvd.nist.gov/vuln/detail/CVE-2022-3355
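Four of the findings above are the same upload-handling gap seen from the defender's side: Usememos, flatpress and InvenTree render user-supplied SVG inline (an SVG is an XML document that may carry script, event handlers and foreignObject HTML), and flatpress additionally stores a file with a PHP extension where the web server will execute it. The following is an added example, not code from any of these projects, of an upload gate that covers both: it rejects server-executable extensions anywhere in the name (so a double extension such as shell.php.svg fails), inspects SVG content for script-bearing constructs before accepting it, refuses DOCTYPE/ENTITY declarations before parsing, and returns the response headers the download endpoint should send so that whatever is stored is delivered as an attachment rather than as a document of the application's origin. The extension sets, header values and sample files are assumptions constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Upload policy (assumed values for this example, not any project's real config).
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp", "svg", "pdf", "txt"}
# Extensions that common PHP server configurations hand to the interpreter;
# rejected anywhere in the name, so "shell.php.svg" fails as well.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps"}
# SVG elements that can carry script or arbitrary embedded HTML.
DANGEROUS_ELEMENTS = {"script", "foreignobject"}


def _local_name(qualified: str) -> str:
    """'{http://www.w3.org/2000/svg}script' -> 'script'."""
    return qualified.rsplit("}", 1)[-1].lower()


def _url_scheme(value: str) -> str:
    """Scheme of a URL the way a browser reads it: C0 controls and spaces
    removed, case folded, so ' JaVaScRiPt:' still yields 'javascript'."""
    cleaned = re.sub(r"[\x00-\x20]", "", value).lower()
    match = re.match(r"^([a-z][a-z0-9+.-]*):", cleaned)
    return match.group(1) if match else ""


def svg_unsafe_findings(data: bytes) -> list:
    """Reasons this SVG must not be accepted; an empty list means clean."""
    if re.search(rb"<!DOCTYPE|<!ENTITY", data, re.IGNORECASE):
        # Refuse before parsing: entity declarations enable expansion attacks
        # and an uploaded image never needs a DOCTYPE.
        return ["DOCTYPE or ENTITY declaration present"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]
    findings = []
    for element in root.iter():
        tag = _local_name(element.tag)
        if tag in DANGEROUS_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in element.attrib.items():
            name = _local_name(attr)
            if name.startswith("on"):
                findings.append(f"event handler attribute {name}")
            elif name == "href" and _url_scheme(value) == "javascript":
                findings.append(f"javascript: URL in {attr}")
    return findings


def check_upload(filename: str, data: bytes):
    """Decide whether to store an upload. Returns (accepted, reason, headers),
    where headers are what the download endpoint should send for this file."""
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return False, "missing extension", {}
    suffixes = parts[1:]
    if any(s in EXECUTABLE_EXTENSIONS for s in suffixes):
        return False, "server-side executable extension in name", {}
    ext = suffixes[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension .{ext} not allowed", {}
    headers = {
        "X-Content-Type-Options": "nosniff",
        # Uploads are downloads, never documents of the application's origin.
        "Content-Disposition": "attachment",
    }
    if ext == "svg":
        findings = svg_unsafe_findings(data)
        if findings:
            return False, "; ".join(findings), {}
        # Defence in depth should the file ever be rendered inline anyway.
        headers["Content-Security-Policy"] = "default-src 'none'; style-src 'unsafe-inline'"
    return True, "ok", headers


# Constructed sample files for demonstration.
SAFE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="10" height="10"/></svg>'
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
ONLOAD_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>'
HREF_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<a xlink:href=" JavaScript:alert(1)"><text y="10">x</text></a></svg>')

if __name__ == "__main__":
    for name, blob in [("icon.svg", SAFE_SVG), ("icon.svg", SCRIPT_SVG),
                       ("icon.svg", ONLOAD_SVG), ("icon.svg", HREF_SVG),
                       ("shell.php.svg", SAFE_SVG), ("logo.png", b"\x89PNG")]:
        print(name, check_upload(name, blob)[:2])
```

Content inspection is the second line, not the first: the attachment disposition and nosniff header mean that even an SVG the inspector misses is downloaded instead of executed in the application's origin, and serving uploads from a separate hostname removes the remaining risk entirely. Note that ElementTree does not expose xmlns declarations as attributes, so the attribute loop only ever sees real SVG attributes.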