XSS vulnerability in Razor project https://github.com/cobub/razor version 0.8.0
The path of the vulnerability.
//line 98
function uploadchannel()
{
$platform = $_POST['platform'];
Header injection vulnerability in phpipam https://github.com/phpipam/phpipam version v1.5.0
The path of the vulnerability:
<?php
//In file https://github.com/phpipam/phpipam/blob/master/app/admin/subnets/ripe-query.php
//line 21
// the source is $_POST['subnet']
$res = $Subnets->resolve_ripe_arin ($_POST['subnet']);
directory traversal in ICEcoder https://github.com/icecoder/ICEcoder version 8.1
In file https://github.com/icecoder/ICEcoder/blob/master/lib/settings.php
//line 62
if (true === isset($_POST['username']) && "" !== $_POST['username']) {$username = $_POST['username'] . "-";};
$settingsFile = 'config-' . $username . str_replace(".", "_", str_replace("www.", "", $_SERVER['SERVER_NAME'])) . '.php';
// line 110
$ICEcoderUserSettings = $settingsClass->getConfigUsersSettings($settingsFile);
XSS vulnerability in Cacti https://github.com/Cacti/cacti version v1.2.21
The path of the vulnerability. In file https://github.com/Cacti/cacti/blob/develop/graphs_new.php
//line 40
switch (get_request_var('action')) {
case 'save':
form_save();
XSS vulnerability in pfsense v2.5.2
The path of the XSS vulnerability in file https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/vendor/filebrowser/browser.php
In this file the list of directories and files in a given directory is obtained through the function get_content.
The list of files is then printed, as can be seen in this simplified code.
// ----- read contents -----
CVE-2023-23027 is assigned
Link: https://www.sourcecodester.com/php-codeigniter-expense-management-system-source-code
9 XSS vulnerabilities
Sinks in application/views/index.php
// line 195
<input name="" readonly="" type="text" class="form-control form-control-sm" value="<?php echo $row->name ?>" placeholder="" aria-label="Name">
CVE-2023-23026 is assigned
Link: https://www.sourcecodester.com/php-codeigniter-simple-sales-management-system-source-code
Multiple XSS vulnerabilities.
The inputs (sources) are saved directly in the database.
// Controllers/Categories.php
$data = $this->input->post();
CVE-2023-23024 is assigned
50 XSS vulnerabilities.
Several different sources are saved in the database in this project.
For example:
CVE-2023-23025 is assigned
Link: https://www.sourcecodester.com/php-codeigniter-hotel-management-system-source-code
22 XSS vulnerabilities in this project.
Sources will be saved in the database, then it will be printed without sanitization in the view files.
For example,
CVE-2023-23023 is assigned
Link: https://www.sourcecodester.com/php-ci-laundry-management-system-source-code
163 XSS vulnerabilities in this project.
The sources are saved in the database and then passed to the view files.
For example,
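The stored XSS pattern shared by the CodeIgniter entries above (CVE-2023-23026, CVE-2023-23025, CVE-2023-23023: input saved via $this->input->post() and later echoed raw in a view such as application/views/index.php), shown as an added illustration beside its hardened form. This is not code from any of the listed projects; $row and its name value are constructed, and the fallback html_escape() is defined here only so the script runs outside CodeIgniter (CodeIgniter 3 ships its own helper of that name).

```php
<?php
// Added illustration, not code from the listed projects: the stored-XSS
// sink from the CodeIgniter entries beside its escaped form.
// Fallback so the script runs stand-alone; CodeIgniter 3 already provides
// html_escape() in system/core/Common.php with the same signature.
if (!function_exists('html_escape')) {
    function html_escape($var, $double_encode = true)
    {
        return htmlspecialchars((string) $var, ENT_QUOTES, 'UTF-8', $double_encode);
    }
}

// Constructed stand-in for a $row fetched from the database. The controller
// stored $this->input->post() as submitted, so the value comes back verbatim,
// tags and quotes included.
$row = (object) ['name' => '<b>Rent</b> & "utilities"'];

// Sink as in the view: the value is echoed unescaped, so a stored double
// quote terminates the attribute and any stored markup becomes part of the page.
function render_unsafe(object $row): string
{
    return '<input type="text" class="form-control form-control-sm" value="'
        . $row->name . '" aria-label="Name">';
}

// Hardened form: escape at the output sink. ENT_QUOTES also converts the
// single and double quote, which matters inside an attribute value.
function render_safe(object $row): string
{
    return '<input type="text" class="form-control form-control-sm" value="'
        . html_escape($row->name) . '" aria-label="Name">';
}

// Defensive check a reviewer can run over rendered output: after escaping,
// the attribute value must contain no raw '<', '>' or '"'.
function attribute_is_escaped(string $html): bool
{
    if (!preg_match('/value="([^"]*)"/', $html, $m)) {
        return false; // a stray quote broke the attribute
    }
    return strpbrk($m[1], '<>"') === false;
}

echo render_unsafe($row), PHP_EOL;
echo render_safe($row), PHP_EOL;
var_dump(attribute_is_escaped(render_unsafe($row)));
var_dump(attribute_is_escaped(render_safe($row)));
```

Escaping belongs at every view sink, not only the one line shown; storing input raw is acceptable as long as no output path echoes it unescaped.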