Philopentest

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that breaks out of the JavaScript string and HTML attribute context in the body onload event handler to execute arbitrary scripts when the link is visited by a victim.

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to the project id variable without sanitization in oscal-functions.php, and when the supplied project ID is not found, the unsanitized value is concatenated into an error message via the Messages() function and reflected into the HTML response body without encoding.

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can inject arbitrary JavaScript via crafted dir parameter values by breaking out of the title context or injecting event handlers into breadcrumb anchor attributes to execute malicious scripts in a victim's browser.

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into a hidden input field VALUE attribute. Attackers can craft a malicious URL containing a JavaScript payload in the ticket id parameter that executes in the victim's browser when the URL is visited.

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm query POST parameter directly into an HTML input field VALUE attribute. Attackers can craft a malicious request containing a JavaScript payload in the frm query parameter that executes in the victim's browser when submitted.

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in street view.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments. Attackers can craft a malicious URL containing a JavaScript payload in either parameter that executes in the victim's browser when the URL is visited.

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do unit mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the the ticket GET parameter directly into a JavaScript variable assignment. Attackers can craft a malicious URL containing a JavaScript payload in the the ticket parameter that executes in the victim's browser when the URL is visited.

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id GET parameter directly into an HTML attribute. Attackers can craft a malicious URL containing a JavaScript payload in the id parameter that executes in the victim's browser when the URL is visited.

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into an HTML attribute. Attackers can craft a malicious URL containing a JavaScript payload in the id parameter that executes in the victim's browser when the URL is visited.

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into a hidden input field VALUE attribute. Attackers can craft a malicious URL containing a JavaScript payload in the ticket id parameter that executes in the victim's browser when the URL is visited.

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into a JavaScript variable assignment. Attackers can craft a malicious URL containing a JavaScript payload in the ticket id parameter that executes in the victim's browser when the URL is visited.

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in opena.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm call GET parameter directly into page output. Attackers can craft a malicious URL containing a JavaScript payload in the frm call parameter that executes in the victim's browser when the URL is visited.

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add facnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into a hidden input field VALUE attribute. Attackers can craft a malicious URL containing a JavaScript payload in the ticket id parameter that executes in the victim's browser when the URL is visited.

**Name of the Vulnerable Software and Affected Versions** XinLiangCoder php api doc through commit 1ce5bbf **Description** The software contains a reflected cross-site scripting issue in the `list method.php` file. This allows remote attackers to execute arbitrary JavaScript in a victim’s browser by injecting malicious code through the `f` parameter. Attackers can craft a malicious URL with unsanitized input in the GET request parameter, which is output directly to the page without proper neutralization. This could enable session hijacking, credential theft, or malware distribution within the application context. **Recommendations** Versions prior to commit 1ce5bbf should be updated.

**Name of the Vulnerable Software and Affected Versions** Linkit ONE Location Aware Sensor System versions up to commit f06bd20 (2023-04-26) **Description** The Location Aware Sensor System by Linkit ONE is susceptible to a reflected cross-site scripting issue in the `PM25.php` file. This allows remote attackers to execute arbitrary JavaScript code by injecting malicious code into GET parameters. Specifically, attackers can craft a malicious URL containing unencoded payloads in the `site`, `city`, `district`, `channel`, or `apikey` parameters. When a user visits the crafted URL, scripts are executed in their browser. **Recommendations** Versions up to commit f06bd20 (2023-04-26) should be updated.

**Name of the Vulnerable Software and Affected Versions** SVXportal versions prior to 2.6 **Description** The application has a reflected cross-site scripting issue in the 'log.php' file through the `search query` parameter. The application directly includes the unsanitized parameter value into an HTML input value attribute. This allows a remote attacker to inject and execute arbitrary JavaScript in a victim’s browser by sending a crafted URL. Successful exploitation could lead to session data theft, unauthorized actions performed as the victim, or modification of displayed content. **Recommendations** Versions prior to 2.6 should be updated.

**Name of the Vulnerable Software and Affected Versions** SVXportal versions prior to 2.5 **Description** SVXportal versions 2.5 and earlier are susceptible to a reflected cross-site scripting issue within the `admin/log.php` component. The issue occurs due to the application embedding unsanitized data from the `search query` parameter directly into an HTML input value attribute. This allows an attacker to execute arbitrary JavaScript code in the browser of an authenticated administrator who views a specially crafted URL. Successful exploitation could lead to session hijacking, unauthorized administrative actions, or other browser-based compromises performed with the privileges of an administrator. The vulnerable parameter is `search query`. **Recommendations** Versions prior to 2.5: Update to a newer version that addresses this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SVXportal versions prior to 2.5 **Description** SVXportal versions prior to 2.5 are affected by a reflected cross-site scripting issue in the `radiomobile front.php` file. The issue occurs due to the application embedding unsanitized data from the `stationid` query parameter into a hidden input value field when an authenticated administrator views a specially crafted URL. This allows for attacker-supplied script injection and execution within the administrator’s browser, potentially leading to compromised admin sessions or unauthorized actions performed with the administrator’s privileges. The vulnerable parameter is `stationid`. **Recommendations** Update SVXportal to a version later than 2.5.

**Name of the Vulnerable Software and Affected Versions** SVXportal versions prior to 2.5 **Description** The software contains a stored cross-site scripting issue in the user registration process. The `index.php` page submits data to the `admin/user action.php` endpoint. User-provided data, including the `Firstname`, `lastname`, and `email` fields, is saved to the backend database without proper output encoding. This data is then displayed in the administrator interface via the `admin/users.php` page, enabling an unauthenticated remote attacker to inject and execute arbitrary JavaScript code within an administrator’s browser. **Recommendations** Update to a version later than 2.5.

**Name of the Vulnerable Software and Affected Versions** SVXportal versions prior to 2.5 **Description** SVXportal versions prior to 2.5 are affected by a stored cross-site scripting issue in the user profile update workflow. An authenticated user can inject malicious HTML or JavaScript into fields like Firstname, lastname, email, and image url. This malicious content is stored and then rendered without proper output encoding in the administrator interface, specifically in the `admin/users.php` page. This can lead to JavaScript execution in an administrator’s browser when viewing the affected page. The vulnerable workflow involves `user settings.php` submitting data to `admin/update user.php`. **Recommendations** Update SVXportal to version 2.5 or later.