Vulnerability-Lab

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like onload that execute when administrators or privileged users preview or view the affected page content, enabling session hijacking and persistent phishing attacks.

**Nome do Software Vulnerável e Versões Afetadas** Rocket LMS versão 1.1 **Descrição** Um problema de cross-site scripting persistente existe no módulo de tickets de suporte. Usuários autenticados podem injetar código de script malicioso através do parâmetro `title`. Isso permite que atacantes enviem tickets de suporte contendo payloads de HTML ou JavaScript incorporados que são executados nos navegadores de outros usuários ao visualizarem o histórico de mensagens, podendo levar a ataques de phishing e sequestro de sessão (a aquisição não autorizada do token de sessão de um usuário para se passar por ele). **Recomendações** Como medida paliativa temporária, restrinja o acesso ao módulo de tickets de suporte ou evite usar o parâmetro `title` até que uma correção seja aplicada. No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** VestaCP version 0.9.8-26 **Description** The software contains a session token issue within the LoginAs module. This allows remote attackers to manipulate authentication tokens due to insufficient validation. Exploitation can lead to unauthorized access to user accounts and login requests without administrative privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Froxlor Server Management Panel versão 0.10.16 **Description** Um problema de cross-site scripting persistente existe nos campos de entrada de registro de clientes. Isso permite que atacantes injetem scripts maliciosos usando os parâmetros `username`, `name` e `firstname`, que são executados quando administradores visualizam os módulos de tráfego de clientes. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Isshue Shopping Cart version 3.5 **Description** The software contains a persistent cross-site scripting issue in title input fields within the stock, customer, and invoice modules. An attacker with elevated privileges can inject malicious scripts that execute upon preview, potentially leading to session hijacking and persistent phishing attacks. The vulnerability affects the `title` input fields. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing all user-supplied input for the `title` fields in the stock, customer, and invoice modules. Restrict access to the affected modules to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ametys CMS version 4.4.1 **Description** Ametys CMS version 4.4.1 has a persistent cross-site scripting issue in the link directory’s input fields for external links. An attacker can inject malicious script code into the link text and descriptions, leading to persistent attacks that can compromise user sessions and manipulate application modules. The issue allows for the execution of malicious scripts when users access the affected links. **Recommendations** Update Ametys CMS to a version that addresses this issue. As a temporary workaround, sanitize all input data for external links in the link directory to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** RDP Manager version 4.9.9.3 **Description** RDP Manager is susceptible to a denial of service condition. Local attackers can exploit this by providing oversized input in the 'Verbindungsname' and 'Server' fields, leading to application crashes and potentially requiring reinstallation. **Recommendations** Update to a newer version that contains a fix for this vulnerability.