XSS vulnerability in Razor project https://github.com/cobub/razor version 0.8.0
The path of the vulnerability.
//line 98
function uploadchannel()
{
$platform = $_POST['platform'];
Directory traversal in ICEcoder https://github.com/icecoder/ICEcoder version 8.1
In file https://github.com/icecoder/ICEcoder/blob/master/lib/settings.php
//line 62
if (true === isset($_POST['username']) && "" !== $_POST['username']) {$username = $_POST['username'] . "-";};
$settingsFile = 'config-' . $username . str_replace(".", "_", str_replace("www.", "", $_SERVER['SERVER_NAME'])) . '.php';
// line 110
$ICEcoderUserSettings = $settingsClass->getConfigUsersSettings($settingsFile);
XSS vulnerability in Cacti https://github.com/Cacti/cacti version v1.2.21
The path of the vulnerability. In file https://github.com/Cacti/cacti/blob/develop/graphs_new.php
//line 40
switch (get_request_var('action')) {
case 'save':
form_save();
Header injection vulnerability in phpipam https://github.com/phpipam/phpipam version v1.5.0
The path of the vulnerability:
<?php
//In file https://github.com/phpipam/phpipam/blob/master/app/admin/subnets/ripe-query.php
//line 21
// the source is $_POST['subnet']
$res = $Subnets->resolve_ripe_arin ($_POST['subnet']);
XSS vulnerability in pfsense v2.5.2
The path of the XSS vulnerability in file https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/vendor/filebrowser/browser.php
In this file, we get the list of dirs and files in a specific directory through the function get_content.
Then we print the list of files, as we can see in this simplified code.
// ----- read contents -----
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20962
In the controller Controllers/CrudController.php
public function show($id){
//...
// set columns from db
$this->crud->setFromDb();
//..
// get the info for that entry
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15489
<input type="text" name="q" class="form-control" placeholder="Search..." value="{!! request()->input('q') !!}">
The sanitization
<input type="text" name="q" class="form-control" placeholder="Search..." value="{{ request()->input('q') }}">
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27371
In AuditLogController in Controllers\Settings\AuditLogController.php
class AuditLogController extends Controller
{
/**
* Display the page listing all the audit logs.
*/
public function index()
Link: https://github.com/RamonSilva20/mapos
Multiple XSS vulnerabilities.
For example,
'telefone' is saved in the DB, then it is retrieved and printed in the view.
In file mapos-master\application\controllers\Clientes.php
Link: phoronix-test-suite/phoronix-test-suite#650
CVE-2022-40704 is assigned to this discovery.
XSS vulnerability.
//line 41
// Note: the source