XSS

Info Product: WP Live Chat Support Version: 8.0.05 Active installations: 50,000+ Product page: https://wordpress.org/plugins/wp-live-chat-support/ CVE: 2018-9864 1. Description An unauthenticated user could inject arbitrary javascript code in the admin panel by using the text field Name of WP Live Chat Support. Using a single input point it was possible to inject javascript code into two different output points of the admin panel. There were two issues in the external javascript file bleeper-agent-dev....

Info Product: Events Manager Version: 5.8.1.1 Active installations: 100,000+ Product page: https://it.wordpress.org/plugins/events-manager/ CVE: 2018-9020 Description An unauthenticated user or a user without privileges, who can submit an event, can inject javascript code in the Google Maps miniature. The malicious code runs in the admin panel when a user with privileges opens the submitted event. The problem is in the file events-manager.js, the variable mapTitle is not escaped. Proof of Concept Events Manager 5....

In November, I reported various persistent XSS vulnerabilities in AOL Mail to the AOL Security Team. They replied quickly and fixed the vulnerabilities in less than 90 days. 1. Using an unclosed tag, it was possible to inject arbitrary javascript code. The payload ran as soon as the victim opened the site mail.aol.com because the code was in the e-mail preview. 18/11/2017 - I send the report 28/11/2017 - The vulnerability is fixed and I’m rewarded by having my name written in the Hall of Fame...

Info Product: Bookly #1 WordPress Booking Plugin (Lite Version) Version: 13.2 Active installations: 10,000+ Product page: https://wordpress.org/plugins/bookly-responsive-appointment-booking-tool/ CVE: 2018-6891 Description An unauthenticated user can inject arbitrary persistent javascript code in the admin panel. Proof of Concept Bookly Lite 13.2 and Bookly Pro 14.5 are affected, probably even earlier versions. I think the problem is that jQuery.ajax request is not sanitized in ng-payment_details_dialog.js. [*] 07/01/2018 - I send the report 26/01/2018 - Bookly Lite is updated to version 14....

ZOHO Mail is a business mail that includes integrated calendar, contacts, notes, and tasks apps. Initially I was looking for a stored XSS in the webmail, but I did not find it so I started checking the other services. I wondered if it was possible to inject malicious code via attachments in ZOHO Notes. By attaching a local file it wasn’t, but in ZOHO Notes you can attach files from some cloud services: Google Drive, Dropbox, Box and Evernote....