Intern0T

**Name of the Vulnerable Software and Affected Versions** AdPeeps version 8.5d1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via various parameters in index.php, including the `uid` parameter, `campaignid` parameter, `type` parameter, `period` parameter, `accname` parameter, `loginpass` parameter, `e9` parameter, `from` parameter, `message` parameter, `idno` parameter, and fields such as Advertiser Name, First Name, Last Name, Address, Phone Number, Password Hint, and URL. Additionally, remote authenticated users can inject arbitrary web script or HTML via an unspecified form associated with a view adrates action. **Recommendations** For AdPeeps version 8.5d1, consider disabling the affected parameters, such as `uid`, `campaignid`, `type`, `period`, `accname`, `loginpass`, `e9`, `from`, `message`, and `idno`, until a patch is available. Restrict access to the affected fields, including Advertiser Name, First Name, Last Name, Address, Phone Number, Password Hint, and URL, to minimize the risk of exploitation. Avoid using the unspecified form associated with the view adrates action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TBDev.NET version 01-01-08 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through several means, including the `returnto` parameter to `makepoll.php`, the `returnto` parameter in a delete action to `polls.php`, or the `Info` or `Avatar` field to `my.php`. **Recommendations** For TBDev.NET version 01-01-08, consider validating and sanitizing user input for the `returnto` parameter in `makepoll.php` and `polls.php`, as well as the `Info` and `Avatar` fields in `my.php` to prevent XSS attacks. As a temporary workaround, restrict access to these parameters and fields until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** transLucid version 1.75 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `NodeID` and `action` parameters to the default URI, and the `NodeID` parameter to the default URI for the admin section. Additionally, remote authenticated users can inject arbitrary web script or HTML via the `Title` (aka page name) and `Url` fields in a new or modified page. **Recommendations** For transLucid version 1.75, consider disabling the `NodeID` and `action` parameters to the default URI, and the `NodeID` parameter to the default URI for the admin section, until a patch is available. Also, restrict access to the `Title` and `Url` fields in new or modified pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pivot versions 1.40.4 through 1.40.7 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via various parameters to different actions in pivot/index.php and pivot/user.php. The affected parameters include the menu, sort, check array, element name, edituser, edit, blog, cat, form fields, url, and username fields in different actions. **Recommendations** For Pivot version 1.40.4, update to a version that fixes the XSS vulnerabilities. For Pivot version 1.40.7, update to a version that fixes the XSS vulnerabilities. As a temporary workaround, consider restricting access to the affected parameters, such as the `menu` and `sort` parameters in the "pivot/index.php" endpoint, the `edituser` parameter in the "edituser action" to "pivot/index.php", and the `username` field in the "my weblog reg user action" to "pivot/user.php", until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Pivot versions 1.40.4 through 1.40.7 **Description** The issue allows remote attackers to obtain sensitive information via an invalid `url` parameter. This is achieved by revealing the installation path in an error message when the `pivot/tb.php` file is accessed. **Recommendations** For versions 1.40.4 through 1.40.7, consider restricting access to the `pivot/tb.php` file until a patch is available. As a temporary workaround, avoid using invalid `url` parameters in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TBDev.NET version 01-01-08 **Description** The issue allows remote attackers to redirect users to arbitrary web sites, potentially leading to phishing attacks. This is achieved via the `returnto` parameter in either the login.php or a delete action to news.php. It can also be leveraged for cross-site scripting (XSS) by redirecting to a data: URI. **Recommendations** For TBDev.NET version 01-01-08, consider restricting or validating the `returnto` parameter in login.php and news.php to prevent redirects to arbitrary sites. As a temporary workaround, avoid using the `returnto` parameter in these endpoints until a more permanent solution is available.