
69 matches found

Packet Storm
added 2024/08/26 12:00 a.m., 257 views

Helpdeskz 2.0.2 Cross Site Scripting

Exploit Title: Stored XSS Vulnerability via File Name Google Dork: N/A Date: 08 Aug 2024 Exploit Author: Md. Sadikul Islam Vendor Homepage: https://www.helpdeskz.com/ Software Link: https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip Version: v2.0.2 Tested on: Kali Linux / Firefox...

AI score: 7.4
Exploits: 0
Hacker One
added 2024/07/06 12:38 p.m., 86 views

U.S. Dept Of Defense: Email Takeover leads to permanent account deletion

The security vulnerability found allowed an attacker to change the email address of a victim's account, leading to the permanent deletion of the victim's account. The vulnerability was caused by improper authentication on the change email functionality...

AI score: 7.3
Exploits: 0
GithubExploit
added 2024/03/06 4:11 a.m., 323 views

Exploit for Unrestricted Upload of File with Dangerous Type in F-Logic Datacube3

CVE-2024-25830 and CVE-2024-25832 - DataCube3 Improper Access...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.2403
Exploits: 6
Huntr
added 2023/10/12 6:56 p.m., 22 views

Store XSS when Add Reviewer

Description Store XSS when Add Reviewer Proof of Concept Payload: TESTalertdocument.domain Video Poc https://drive.google.com/file/d/16o4w6V-uCpkshFXYBb-pZRflpl7N3Sy4/view?usp=sharing...

AI score: 6.3 | EPSS: 0.00404
Exploits: 1
Huntr
added 2023/10/07 5:02 p.m., 19 views

CSRF in Send Reminder

Description CSRF in Send Reminder Proof of Concept 1 .Attacker sent form fake to victim history.pushState'', '', '/'; document.forms0.submit; 2 .Victim click, execute send reminder unexpected Video Poc https://drive.google.com/file/d/1eibfxIbACA6DWObg2bjZjJBiqTPlwWd/view?usp=sharing...

CVSS: 6.8 | AI score: 7.1 | EPSS: 0.00265
Exploits: 1
Huntr
added 2023/09/30 6:39 a.m., 17 views

Reflected XSS in /admin/index.php

Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1. Step 1: Access the demo website 2. Step 2: Access admin/index.php?action=ngductung"img src/onerror="alert'XSS' 3. Step 3: Detect XSS Video PoC...

AI score: 7.2 | EPSS: 0.01105
Exploits: 1
Huntr
added 2023/09/28 6:51 p.m., 17 views

CSRF Edit Locale files

Description CSRF edit Locale files Proof of Concept 1 .Attack sends fake requests to users history.pushState'', '', '/'; document.forms0.submit; 2 .User click, edited unwanted Locale files Payload Poc https://drive.google.com/file/d/1wpgmDoK0fGsiPSKfThVoEWq50pj7sBz5/view?usp=sharing Video Poc...

AI score: 7.1 | EPSS: 0.00216
Exploits: 1
Huntr
added 2023/09/23 5:47 a.m., 12 views

Store XSS at Label sets list in (Version 6.2.7)

Description First of all, I apologize for reporting back. I noticed, the latest current version is 6.2.7. XSS vulnerabilities still exist Proof of Concept Detail: 1 .Login and access Label sets list 2 .Create new label set 3 . Insert payload in to Title haido" onclick="alert1 4 .Click save ==...

AI score: 6.4
Exploits: 0
Huntr
added 2023/09/12 7:39 a.m., 17 views

Store DOM XSS in FAQ

Description I noticed, your website is very secure. But you overlooked a flaw XSS Proof of Concept 1 .Login vs admin demo account and access admin page. 2 .Create a category, Question with payload: haidoalertdocument.domain 3 .Select FAQ status published and Sticky 4 .Back to the homepage, detect...

AI score: 7 | EPSS: 0.00532
Exploits: 1
Huntr
added 2023/09/11 9:54 a.m., 15 views

Stored xss using journal-name

BUG ======== Stored xss using journal-name ACCOUNT ========== 1. user-A -- superadmin -- Victim -- Firefox browser Normal mode 2. user-B -- journal manager -- Attacker -- Firefox browser Container-1 STEPS TO REPRODUCE ====================== 1. From user-A account create a journal called...

AI score: 7.5 | EPSS: 0.00404
Exploits: 1
Huntr
added 2023/08/25 5:00 p.m., 30 views

Store XSS in Widgets and pages

Description I noticed that you filtered the comment very carefully. But there are still some parts you missed Proof of Concept 1 .Login with admin 2 .Go to "https://demo.instantcms.io/admin/widgets" 3 . Insert payload in Position name and Title test" onmouseover = "alertdocument.cookie 4 .Click...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00345
Exploits: 1
Huntr
added 2023/08/21 3:47 p.m., 18 views

DOM XSS at index FBD Table

Description I think your website is quite secure. But you overlooked the XSS vulnerability. Proof of Concept 1 .Login with demo account 2 .Access the link https://demo.librenms.org/search/search=fdb and insert the payload test123"alert1alertdocument.cookie 3 .Hit enter, XSS vulnerability detected...

CVSS: 4.9 | AI score: 6.2 | EPSS: 0.00571
Exploits: 1
Huntr
added 2023/08/19 5:25 p.m., 24 views

Dom XSS in module "Search IPv4"

Description 1 .Access to IPv4 search function 2 .Enter the payload in the IPv4 field to perform the search Payload : "alertdocument.cookie 3 .Enter the search button and the payload will be executed Poc Video poc https://drive.google.com/file/d/1A-zwXxsA-7GHa0iGfRGQc61JkOb-4A38/view?usp=sharing...

CVSS: 5.8 | AI score: 6.9 | EPSS: 0.00571
Exploits: 1
Huntr
added 2023/08/19 3:40 p.m., 27 views

DOM XSS in https://demo.librenms.org/ports

Description I noticed, your website is very secure. But you overlooked a flaw XSS Detail: 1 .Login with demo account. 2 .Go to the link: https://demo.librenms.org/ports 3 .Insert payload and press enter: test' onclick='alertdocument.cookie 4 .Click on the box hostname or port, detect XSS Proof of...

CVSS: 4.9 | AI score: 6.8 | EPSS: 0.00589
Exploits: 1
Huntr
added 2023/08/19 11:30 a.m., 19 views

DOM XSS in https://demo.librenms.org/eventlog

Description I noticed, your website is very secure. But you overlooked a flaw XSS Detail: 1 .Login with demo account. 2 .Go to the link: https://demo.librenms.org/eventlog and click Filter 3 .Use burp suite to block proxy and inject payload in eventtype: test%22-alertdocument.cookie// 4 .Check,...

CVSS: 4.9 | AI score: 6.7 | EPSS: 0.00565
Exploits: 1
Huntr
added 2023/06/23 11:44 a.m., 12 views

DOM Cross Side Scripting

Description Hello team, recently I found that there is a DOM XSS on the profile language field. Proof of Concept Video poc: https://screencast-o-matic.com/watch/c01067VBWlV Step: 1. Login as simple user 2. Click on settings and select profile tab. 3. Click on change language as 'english' and...

CVSS: 4.9 | AI score: 6.2 | EPSS: 0.00514
Exploits: 1
Huntr
added 2023/05/07 5:54 p.m., 24 views

Stored XSS in module name "Edit Link"

Description I noticed that you filtered the input very carefully. But there are still some parts you missed Proof of Concept 1.Login in URL : https://demo.pimcore.fun/admin. 2.Go to "Search Documents" and filter only "Snippet" search and press search. 3.Go to "/en/shared/teasers/Popular Brands"...

CVSS: 5.8 | AI score: 6.8 | EPSS: 0.00478
Exploits: 1
Huntr
added 2023/05/07 5:31 a.m., 19 views

Stored XSS in module name "Search Documents"

Description The search documents function was infected with xss because the title payload was not filtered resulting in xss when searching to /de. Proof of Concept 1.Go to edit page title /de 2.Enter this xss code 3.Go to "Search Documents" and type in "77" search box to find /de -- xss will be...

CVSS: 4.9 | AI score: 6.9 | EPSS: 0.00493
Exploits: 1
OSV
added 2023/05/01 10:30 p.m., 30 views

GHSA-XR9H-P2RC-RPQM WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account

In AVideo, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but I found out that it did not properly sanitize the malicious characters when creating a Meeting Room. This leads the attacker to put malicious scripts. Impact: Since any USER including...

CVSS: 8 | AI score: 6.1 | EPSS: 0.00712
Exploits: 1 | References: 4
Huntr
added 2023/03/20 9:36 p.m., 21 views

Stored XSS in name parameter of "Customers Reports"

Description The name parameter of the "Static Routes" functionality is vulnerable to stored XSS. Proof of Concept 1.Login to https://demo.pimcore.fun/admin/. 2.Now go to Marketing - Customers Reports - Add and Enter the name of the new item a-zA-Z-. 3.Then capture the request on the burp suite an...

CVSS: 4.9 | AI score: 6.8 | EPSS: 0.00497
Exploits: 1 | References: 1