4 matches found
CVE-2022-31299
Haraj 3.7 contains a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form. The NVD/Nuclei entries describe a reflected XSS that could allow an attacker to execute malicious scripts in a victim’s browser, potentially enabling credential theft and session-related attacks. An ...
CVE-2022-31298
Haraj v3.7 contains a cross-site scripting (XSS) vulnerability in the ads comments section that allows execution of arbitrary web scripts or HTML via a crafted POST request. The CVE description is corroborated by multiple sources across CVE records (NVD, CNVD, Red Hat, etc.), all referencing the ...
CVE-2022-31300
Haraj v3.7 has a cross-site scripting vulnerability in the DM Section component, enabling arbitrary scripts via a crafted POST request. The issue stems from insufficient data validation/filtering and output encoding in DM components, allowing attackers to inject and execute scripts (reported as a...
CVE-2022-31301
Haraj v3.7 contains a stored XSS vulnerability in the Post Ads component. The CVE-2022-31301 entry aligns with multiple sources (NVD, Red Hat, CNVD, CNNVD, CVE.org) describing a stored XSS in Haraj’s Post Ads. An exploit exists on GitHub (Exploit for Cross-site Scripting in Angtech Haraj) detaili...