First Push

main
Muhammad Daffa 2022-09-17 04:59:49 +00:00
parent 1cb5bb2002
commit a238a5c435
82 changed files with 7690 additions and 0 deletions

6
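--- a/archetypes/default.md
+++ b/archetypes/default.md
@@ -0,0 +1,6 @@
+---
+title: "{{ replace .Name "-" " " | title }}"
+date: {{ .Date }}
+draft: true
+---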

148
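--- a/config.yml
+++ b/config.yml
@@ -0,0 +1,148 @@
+baseURL: "https://daffa.info/"
+title: Muhammad Daffa
+paginate: 5
+theme: PaperMod
+enableRobotsTXT: true
+buildDrafts: false
+buildFuture: false
+buildExpired: false
+minify:
+disableXML: true
+minifyOutput: true
+params:
+env: production # to enable google analytics, opengraph, twitter-cards and schema.
+title: Muhammad Daffa
+description: "Portfolio by Muhammad Daffa"
+keywords: [Blog, Portfolio]
+author: Muhammad Daffa
+# author: ["Me", "You"] # multiple authors
+images: ["<link or path of image for opengraph, twitter-cards>"]
+DateFormat: "January 2, 2006"
+defaultTheme: auto # dark, light
+disableThemeToggle: false
+ShowReadingTime: true
+ShowShareButtons: true
+ShowPostNavLinks: true
+ShowBreadCrumbs: true
+ShowCodeCopyButtons: false
+ShowWordCount: true
+ShowRssButtonInSectionTermList: true
+UseHugoToc: true
+disableSpecial1stPost: false
+disableScrollToTop: false
+comments: false
+hidemeta: false
+hideSummary: false
+showtoc: false
+tocopen: false
+assets:
+# disableHLJS: true # to disable highlight.js
+# disableFingerprinting: true
+favicon: "<link / abs url>"
+favicon16x16: "<link / abs url>"
+favicon32x32: "<link / abs url>"
+apple_touch_icon: "<link / abs url>"
+safari_pinned_tab: "<link / abs url>"
+label:
+text: "Home"
+icon: /apple-touch-icon.png
+iconHeight: 35
+# profile-mode
+profileMode:
+enabled: true # needs to be explicitly set
+title: Muhammad Daffa
+subtitle: "Vulnerability Researcher at spiderSilk"
+imageUrl: "https://avatars.githubusercontent.com/u/36522826"
+imageWidth: 200
+imageHeight: 200
+imageTitle: Muhammad Daffa
+buttons:
+- name: Read More
+url: profile
+# home-info mode
+# homeInfoParams:
+# Title: "Hi there \U0001F44B"
+# Content: My name is Muhammad Daffa, you can call me Daffa. I like to make several programs to help with penetration testing. I also enjoy contributing to open source repositories, especially those related to cyber security such as nuclei-templates. Let me know if you have a good repository that I can contribute to :)
+socialIcons:
+- name: twitter
+url: "https://twitter.com/daffainfo"
+- name: linkedin
+url: "https://www.linkedin.com/in/muhdaffa"
+- name: medium
+url: "https://muhdaffa.medium.com/"
+- name: github
+url: "https://github.com/daffainfo"
+- name: email
+url: "mailto:muhammaddaffa.info@gmail.com"
+# analytics:
+# google:
+# SiteVerificationTag: "XYZabc"
+# bing:
+# SiteVerificationTag: "XYZabc"
+# yandex:
+# SiteVerificationTag: "XYZabc"
+cover:
+hidden: true # hide everywhere but not in structured data
+hiddenInList: true # hide on list pages and home
+hiddenInSingle: true # hide on single page
+# editPost:
+# URL: "https://github.com/<path_to_repo>/content"
+# Text: "Suggest Changes" # edit text
+# appendFilePath: true # to append file path to Edit link
+# for search
+# https://fusejs.io/api/options.html
+fuseOpts:
+isCaseSensitive: false
+shouldSort: true
+location: 0
+distance: 1000
+threshold: 0.4
+minMatchCharLength: 0
+keys: ["title", "permalink", "summary", "content"]
+menu:
+main:
+- identifier: profile
+name: About
+url: /profile/
+weight: 10
+- identifier: portfolio
+name: Portfolio
+url: /portfolio/
+weight: 20
+- identifier: blog
+name: Blog
+url: /blog/
+weight: 20
+- identifier: search
+name: Search
+url: /search/
+weight: 20
+# Read: https://github.com/adityatelange/hugo-PaperMod/wiki/FAQs#using-hugos-syntax-highlighter-chroma
+pygmentsUseClasses: true
+markup:
+highlight:
+noClasses: false
+# anchorLineNos: true
+# codeFences: true
+# guessSyntax: true
+# lineNos: true
+# style: monokai
+outputs:
+home:
+- HTML
+- RSS
+- JSON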
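Review bot: The icon and OpenGraph image settings are still the theme's placeholder strings — `favicon: "<link / abs url>"` and its four sibling keys, plus `images: ["<link or path of image for opengraph, twitter-cards>"]` — and Hugo writes them into every page verbatim, as this commit's own public/404.html shows with `href=https://daffa.info/%3Clink%20/%20abs%20url%3E` and the matching og:image/twitter:image URLs. Point them at real files under static/ or drop the keys so PaperMod omits those tags. Separately, the Portfolio, Blog and Search menu entries all carry `weight: 20`, so their order falls back to Hugo's name sort (the rendered nav lists Blog before Portfolio, the reverse of the file order); use `weight: 20`, `weight: 30`, `weight: 40` if the file order is the intended one.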


@ -0,0 +1,55 @@
---
title: "CVE-2021-24519"
date: 2021-07-19T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: false
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
## Plugin Name
[VikRentCar](https://wordpress.org/plugins/vikrentcar/)
## Installation Number
1,000+
## Affected Version
<= 1.1.9
## Fixed Version
1.1.10
## Advisory Link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519)
* [WPScan](https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c)
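Review bot: `canonicalURL: "https://canonical.url/to/page"` is the PaperMod archetype placeholder, and it is repeated unchanged in every CVE page of this commit; PaperMod appears to render that value as the page's `<link rel=canonical>`, so each advisory would declare its canonical copy to live on a domain the author does not control — delete the key (the theme then falls back to the permalink, as the generated 404 page shows) or set the real daffa.info URL. The front matter also defines `disableHLJS` twice, `true` with the comment `# to disable highlightjs` and `false` two lines later; YAML loaders keep the last value, so highlighting stays enabled and the comment misleads — keep a single `disableHLJS` line. `cover.image: "<image path/url>"` is a third placeholder; `hidden: true` keeps it off the page itself but, per its own inline comment, not necessarily out of list pages or metadata, so remove the cover block as well.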


@ -0,0 +1,55 @@
---
title: "CVE-2021-24531"
date: 2021-07-21T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
## Plugin Name
[Charitable](https://wordpress.org/plugins/charitable/)
## Installation Number
10,000+
## Affected Version
<= 1.6.50
## Fixed Version
1.6.51
## Advisory Link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24531)
* [WPScan](https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f)
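Review bot: `searchHidden: true` presumably drops this page from the JSON search index that config.yml enables for /search/, yet the first CVE page in this commit sets it to `false` and every later one to `true`, so only CVE-2021-24519 would be findable by search. If the advisories are meant to be searchable, set `searchHidden: false` on all of them; if not, hide the first one as well.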


@ -0,0 +1,55 @@
---
title: "CVE-2021-24561"
date: 2021-07-26T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue
## Plugin Name
[WP SMS Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc](https://wordpress.org/plugins/wp-sms/)
## Installation Number
8,000+
## Affected Version
<= 5.4.12
## Fixed Version
5.4.13
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24561)
* [WPScan](https://wpscan.com/vulnerability/5433ef4c-4451-4b6e-992b-69c5eccabf90)


@ -0,0 +1,56 @@
---
title: "CVE-2022-23983"
date: 2022-02-21T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "WP Content Copy Protection & No Right Click < 3.4.5 - Settings Update via CSRF"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: true
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: true
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).
## Plugin Name
[WP Content Copy Protection & No Right Click](https://wordpress.org/plugins/wp-content-copy-protection-no-right-click/)
## Installation Number
100,000+
## Affected Version
<= 3.4.4
## Fixed Version
3.4.5
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23983)
* [WPScan](https://wpscan.com/vulnerability/b6733721-56fc-44f5-b18b-cd5793517515)
* [Patchstack](https://patchstack.com/database/vulnerability/wp-content-copy-protector/wordpress-wp-content-copy-protection-no-right-click-plugin-3-4-4-cross-site-request-forgery-csrf-leads-to-settings-update-vulnerability)


@ -0,0 +1,57 @@
---
title: "CVE-2022-23984"
date: 2022-02-21T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "wpDiscuz < 7.3.12 - Sensitive Information Disclosure"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: true
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: true
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
## Plugin Name
[wpDiscuz](https://wordpress.org/plugins/wpdiscuz/)
## Installation Number
90,000+
## Affected Version
<= 7.3.11
## Fixed Version
7.3.12
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23984)
* [WPScan](https://wpscan.com/vulnerability/027e6ef8-39d8-4fa9-957f-f53ee7175c0a)
* [Patchstack](https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-3-11-sensitive-information-disclosure-vulnerability)


@ -0,0 +1,57 @@
---
title: "CVE-2022-25618"
date: 2022-04-04T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "wpDataTables < 2.1.28 - Admin+ Stored Cross-Site Scripting"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: true
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: true
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27
## Plugin Name
[wpDataTables](https://wordpress.org/plugins/wpdatatables/)
## Installation Number
60,000+
## Affected Version
<= 2.1.27
## Fixed Version
2.1.28
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25618)
* [WPScan](https://wpscan.com/vulnerability/02a8b0bc-e434-4be5-8892-cba13d1b4329)
* [Patchstack](https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability)


@ -0,0 +1,57 @@
---
title: "CVE-2022-27844"
date: 2022-04-11T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "WPvivid Backup and Migration Plugin < 0.9.71 - Admin+ Arbitrary File Download"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: true
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: true
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging WPvivid (WordPress plugin) versions <= 0.9.70
## Plugin Name
[WPvivid](https://wordpress.org/plugins/wpvivid-backup-restore/)
## Installation Number
200,000+
## Affected Version
<= 0.9.70
## Fixed Version
0.9.71
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27844)
* [WPScan](https://wpscan.com/vulnerability/e15703bd-d23d-46fc-8fc9-a3c6d851df0a)
* [Patchstack](https://patchstack.com/database/vulnerability/wpvivid-backuprestore/wordpress-wpvivid-plugin-0-9-70-arbitrary-file-read-vulnerability)
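Review bot: The front-matter `description` calls this an "Admin+ Arbitrary File Download" while the body's ## Description says "Arbitrary File Read" with no privilege level, so the summary shown in lists and the page itself disagree on both the bug class and who can trigger it. Take the wording of the linked advisories and use it in both places, e.g. `Authenticated (admin+) Arbitrary File Read vulnerability in WPvivid ... versions <= 0.9.70` in the body.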


@ -0,0 +1,56 @@
---
title: "CVE-2022-27848"
date: 2022-04-14T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "Modern Events Calendar Lite < 6.5.2 - Admin+ Stored Cross-Site Scripting"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: true
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: true
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1
## Plugin Name
[Modern Events Calendar Lite](https://wordpress.org/plugins/modern-events-calendar-lite/)
## Installation Number
100,000+ (Closed)
## Affected Version
<= 6.5.1
## Fixed Version
6.5.2
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27848)
* [WPScan](https://wpscan.com/vulnerability/ef2843d0-f84d-4093-a08b-342ed0848914)
* [Patchstack](https://patchstack.com/database/vulnerability/modern-events-calendar-lite/wordpress-modern-events-calendar-lite-plugin-6-5-1-authenticated-stored-cross-site-scripting-xss-vulnerability)


@ -0,0 +1,56 @@
---
title: "CVE-2022-33201"
date: 2022-05-08T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "MailerLite - Signup forms (official) < 1.5.7 - API Key Update via CSRF"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: true
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: true
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.
## Plugin Name
[MailerLite Signup forms (official)](https://wordpress.org/plugins/official-mailerlite-sign-up-forms/)
## Installation Number
60,000+
## Affected Version
<= 1.5.6
## Fixed Version
1.5.7
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33201)
* [WPScan](https://wpscan.com/vulnerability/dcce9241-4903-40dc-98d1-0abc30a3f779)
* [Patchstack](https://patchstack.com/database/vulnerability/official-mailerlite-sign-up-forms/wordpress-mailerlite-signup-forms-official-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability)
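Review bot: The body says the CSRF affects the plugin `<= 1.5.7` while ## Affected Version says `<= 1.5.6` and ## Fixed Version says `1.5.7`, so a reader cannot tell whether 1.5.7 is patched. The front-matter description (`< 1.5.7`) agrees with the Affected/Fixed sections, so the description line should read `... plugin <= 1.5.6 at WordPress allows an attacker to change the API key.`. Confirm against the WPScan/Patchstack entries linked below before changing it.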


@ -0,0 +1,56 @@
---
title: "CVE-2021-24519"
date: 2022-08-22T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "Download Manager < 3.2.49 - Clear Stats & Cache via CSRF"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: true
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: true
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
## Plugin Name
[Download Manager](https://wordpress.org/plugins/download-manager/)
## Installation Number
100,000+
## Affected Version
<= 3.2.48
## Fixed Version
3.2.49
## Advisory Link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34347)
* [WPScan](https://wpscan.com/vulnerability/1fe07196-52d4-40c5-b01d-69852b4fb9c5)
* [Patchstack](https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-cross-site-request-forgery-csrf-vulnerability)
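Review bot: The page's `title: "CVE-2021-24519"` is a copy of the first advisory's title, but the MITRE link, WPScan entry and content all describe the Download Manager CSRF tracked as CVE-2022-34347, so the archive list, page heading and search index would show the wrong identifier and two pages would share it. Change it to `title: "CVE-2022-34347"`; the file header is not shown on this page, so also check that the file name (and therefore the URL) was not copied from CVE-2021-24519 as well.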


@ -0,0 +1,56 @@
---
title: "CVE-2022-36282"
date: 2022-08-23T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "Search Exclude < 1.2.7 - Author+ Stored Cross-Site Scripting"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: true
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: true
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress.
## Plugin Name
[Search Exclude](https://wordpress.org/plugins/search-exclude/)
## Installation Number
60,000+
## Affected Version
<= 1.2.6
## Fixed Version
1.2.7
## Advisory Link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36282)
* [WPScan](https://wpscan.com/vulnerability/52841b21-493f-4e63-bcbf-528089955e4f)
* [Patchstack](https://patchstack.com/database/vulnerability/search-exclude/wordpress-search-exclude-plugin-1-2-6-authenticated-stored-cross-site-scripting-xss-vulnerability)
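Review bot: The front-matter description says "Author+ Stored Cross-Site Scripting" while the body says "Authenticated (editor+)", and the required role is the key severity detail for a stored XSS, so one of the two is wrong. Align both with the role stated in the linked WPScan/Patchstack advisories, e.g. `description: "Search Exclude < 1.2.7 - Editor+ Stored Cross-Site Scripting"` if editor is correct.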


@ -0,0 +1,56 @@
---
title: "CVE-2022-36346"
date: 2022-08-22T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "MaxButtons < 9.3 - Arbitrary Settings Update via CSRF"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: true
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: true
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress.
## Plugin Name
[MaxButtons](https://wordpress.org/plugins/maxbuttons/)
## Installation Number
100,000+
## Affected Version
<= 9.2
## Fixed Version
9.3
## Advisory Link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36346)
* [WPScan](https://wpscan.com/vulnerability/c1b448e0-430a-4f47-aded-77af8d291232)
* [Patchstack](https://patchstack.com/database/vulnerability/maxbuttons/wordpress-maxbuttons-plugins-9-2-multiple-cross-site-request-forgery-csrf-vulnerabilities)

6
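--- a/content/cve/_index.md
+++ b/content/cve/_index.md
@@ -0,0 +1,6 @@
+---
+title: "CVEs"
+layout: "archives"
+# url: "/archives"
+summary: "List of all my CVEs"
+---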


@ -0,0 +1,14 @@
---
author: "Muhammad Daffa"
title: "Placeholder Text"
date: "2019-03-09"
description: "Lorem Ipsum Dolor Si Amet"
tags: ["markdown", "text"]
hideMeta: true
searchHidden: true
ShowBreadCrumbs: false
---
Test
Test
Test
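Review bot: This Lorem Ipsum page has no `draft: true`, so `buildDrafts: false` in config.yml does nothing for it and it is presumably built and published at its permalink, and listed in its section and RSS feed; `searchHidden` and `hideMeta` only remove it from search and the meta line. Add `draft: true` to the front matter or delete the file before deploying.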

4
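--- a/content/search.md
+++ b/content/search.md
@@ -0,0 +1,4 @@
+---
+title: "Search"
+layout: "search"
+---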

87
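--- a/public/404.html
+++ b/public/404.html
@@ -0,0 +1,87 @@
+<!doctype html><html lang=en dir=auto>
+<head><meta charset=utf-8>
+<meta http-equiv=x-ua-compatible content="IE=edge">
+<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
+<meta name=robots content="index, follow">
+<title>404 Page not found | Muhammad Daffa</title>
+<meta name=keywords content>
+<meta name=description content="Portfolio by Muhammad Daffa">
+<meta name=author content="Muhammad Daffa">
+<link rel=canonical href=https://daffa.info/404.html>
+<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
+<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<meta name=theme-color content="#2e2e33">
+<meta name=msapplication-TileColor content="#2e2e33">
+<noscript>
+<style>#theme-toggle,.top-link{display:none}</style>
+<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
+</noscript><meta property="og:title" content="404 Page not found">
+<meta property="og:description" content="Portfolio by Muhammad Daffa">
+<meta property="og:type" content="website">
+<meta property="og:url" content="https://daffa.info/404.html"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
+<meta name=twitter:card content="summary_large_image">
+<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
+<meta name=twitter:title content="404 Page not found">
+<meta name=twitter:description content="Portfolio by Muhammad Daffa">
+</head>
+<body class=list id=top>
+<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
+<header class=header>
+<nav class=nav>
+<div class=logo>
+<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
+<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
+<div class=logo-switches>
+<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
+</button>
+</div>
+</div>
+<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
+</button>
+<ul class="menu hidden">
+<li>
+<a href=https://daffa.info/profile/ title=About>
+<span>About</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/blog/ title=Blog>
+<span>Blog</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/portfolio/ title=Portfolio>
+<span>Portfolio</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
+<span>Search</span>
+</a>
+</li>
+</ul>
+</nav>
+</header>
+<main class=main>
+<div class=not-found>404</div>
+</main>
+<footer class=footer>
+<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
+<span>
+Powered by
+<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
+<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
+</span>
+</footer>
+<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
+</a>
+<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
+<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
+<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
+<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
+</body>
+</html>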



@ -0,0 +1,92 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>Categories | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="Portfolio by Muhammad Daffa">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/categories/>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<link rel=alternate type=application/rss+xml href=https://daffa.info/categories/index.xml>
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="Categories">
<meta property="og:description" content="Portfolio by Muhammad Daffa">
<meta property="og:type" content="website">
<meta property="og:url" content="https://daffa.info/categories/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="Categories">
<meta name=twitter:description content="Portfolio by Muhammad Daffa">
</head>
<body class=list id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<header class=page-header>
<h1>Categories</h1>
</header>
<ul class=terms-tags>
</ul>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,13 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>Categories on Muhammad Daffa</title>
<link>https://daffa.info/categories/</link>
<description>Recent content in Categories on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator><atom:link href="https://daffa.info/categories/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>


@ -0,0 +1,164 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2021-24519/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2021-24519","item":"https://daffa.info/cve/cve-2021-24519/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nInstallation Number 1,000+\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"64","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2021-24519/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>1,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/cve/cve-2021-24531/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24531</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24519%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24519%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24519%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24519%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,169 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24531 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24531">
<meta property="og:description" content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2021-24531/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2021-07-21T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-21T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24531">
<meta name=twitter:description content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2021-24531","item":"https://daffa.info/cve/cve-2021-24531/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24531","name":"CVE-2021-24531","description":"Charitable - Donation Plugin ","keywords":["cve"],"articleBody":"Description The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.\nPlugin Name Charitable\nInstallation Number 10,000+\nAffected Version Fixed Version 1.6.51\nAdvisory Link MITRE WPScan ","wordCount":"44","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-21T11:30:03Z","dateModified":"2021-07-21T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2021-24531/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24531
</h1>
<div class=post-description>
Charitable - Donation Plugin &lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-21 11:30:03 +0000 UTC">July 21, 2021</span>&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/charitable/>Charitable</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>10,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.6.50</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.6.51</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24531">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/cve/cve-2021-24561/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24561</span>
</a>
<a class=next href=https://daffa.info/cve/cve-2021-24519/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24531&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24531%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24531%2f&title=CVE-2021-24531&summary=CVE-2021-24531&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24531%2f&title=CVE-2021-24531"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24531%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24531&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24531%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,169 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24561 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24561">
<meta property="og:description" content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2021-24561/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2021-07-26T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-26T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24561">
<meta name=twitter:description content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2021-24561","item":"https://daffa.info/cve/cve-2021-24561/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24561","name":"CVE-2021-24561","description":"WP SMS ","keywords":["cve"],"articleBody":"Description The WP SMS WordPress plugin before 5.4.13 does not sanitise the “wp_group_name” parameter before outputting it back in the “Groups” page, leading to an Authenticated Stored Cross-Site Scripting issue\nPlugin Name WP SMS Messaging \u0026 SMS Notification for WordPress, WooCommerce, GravityForms, etc\nInstallation Number 8,000+\nAffected Version Fixed Version 5.4.13\nAdvisory link MITRE WPScan ","wordCount":"58","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-26T11:30:03Z","dateModified":"2021-07-26T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2021-24561/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24561
</h1>
<div class=post-description>
WP SMS &lt; 5.4.13 - Authenticated Stored Cross-Site Scripting
</div>
<div class=post-meta><span title="2021-07-26 11:30:03 +0000 UTC">July 26, 2021</span>&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The WP SMS WordPress plugin before 5.4.13 does not sanitise the &ldquo;wp_group_name&rdquo; parameter before outputting it back in the &ldquo;Groups&rdquo; page, leading to an Authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/wp-sms/>WP SMS Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>8,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 5.4.12</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>5.4.13</p>
<h2 id=advisory-link>Advisory link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24561">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/5433ef4c-4451-4b6e-992b-69c5eccabf90>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/cve/cve-2022-23984/>
<span class=title>« Prev</span>
<br>
<span>CVE-2022-23984</span>
</a>
<a class=next href=https://daffa.info/cve/cve-2021-24531/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24531</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24561&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24561%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24561%2f&title=CVE-2021-24561&summary=CVE-2021-24561&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24561%2f&title=CVE-2021-24561"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24561%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24561&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2021-24561%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,170 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2022-23983 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="WP Content Copy Protection & No Right Click < 3.4.5 - Settings Update via CSRF">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2022-23983">
<meta property="og:description" content="WP Content Copy Protection & No Right Click < 3.4.5 - Settings Update via CSRF">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2022-23983/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2022-02-21T11:30:03+00:00">
<meta property="article:modified_time" content="2022-02-21T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2022-23983">
<meta name=twitter:description content="WP Content Copy Protection & No Right Click < 3.4.5 - Settings Update via CSRF">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2022-23983","item":"https://daffa.info/cve/cve-2022-23983/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2022-23983","name":"CVE-2022-23983","description":"WP Content Copy Protection \u0026 No Right Click ","keywords":["cve"],"articleBody":"Description Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection \u0026 No Right Click WordPress plugin (versions Plugin Name WP Content Copy Protection \u0026 No Right Click\nInstallation Number 100,000+\nAffected Version Fixed Version 3.4.5\nAdvisory link MITRE WPScan Patchstack ","wordCount":"51","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2022-02-21T11:30:03Z","dateModified":"2022-02-21T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2022-23983/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2022-23983
</h1>
<div class=post-description>
WP Content Copy Protection & No Right Click &lt; 3.4.5 - Settings Update via CSRF
</div>
<div class=post-meta><span title="2022-02-21 11:30:03 +0000 UTC">February 21, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;51 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions &lt;= 3.4.4).</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/wp-content-copy-protection-no-right-click/>WP Content Copy Protection & No Right Click</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>100,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 3.4.4</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>3.4.5</p>
<h2 id=advisory-link>Advisory link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23983">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/b6733721-56fc-44f5-b18b-cd5793517515>WPScan</a></li>
<li><a href=https://patchstack.com/database/vulnerability/wp-content-copy-protector/wordpress-wp-content-copy-protection-no-right-click-plugin-3-4-4-cross-site-request-forgery-csrf-leads-to-settings-update-vulnerability>Patchstack</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/cve/cve-2022-25618/>
<span class=title>« Prev</span>
<br>
<span>CVE-2022-25618</span>
</a>
<a class=next href=https://daffa.info/cve/cve-2022-23984/>
<span class=title>Next »</span>
<br>
<span>CVE-2022-23984</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23983 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2022-23983&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23983%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23983 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23983%2f&title=CVE-2022-23983&summary=CVE-2022-23983&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23983 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23983%2f&title=CVE-2022-23983"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23983 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23983 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2022-23983%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23983 on telegram" href="https://telegram.me/share/url?text=CVE-2022-23983&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23983%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,170 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2022-23984 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="wpDiscuz < 7.3.12 - Sensitive Information Disclosure">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2022-23984">
<meta property="og:description" content="wpDiscuz < 7.3.12 - Sensitive Information Disclosure">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2022-23984/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2022-02-21T11:30:03+00:00">
<meta property="article:modified_time" content="2022-02-21T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2022-23984">
<meta name=twitter:description content="wpDiscuz < 7.3.12 - Sensitive Information Disclosure">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2022-23984","item":"https://daffa.info/cve/cve-2022-23984/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2022-23984","name":"CVE-2022-23984","description":"wpDiscuz ","keywords":["cve"],"articleBody":"Description Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions Plugin Name wpDiscuz\nInstallation Number 90,000+\nAffected Version Fixed Version 7.3.12\nAdvisory link MITRE WPScan Patchstack ","wordCount":"30","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2022-02-21T11:30:03Z","dateModified":"2022-02-21T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2022-23984/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2022-23984
</h1>
<div class=post-description>
wpDiscuz &lt; 7.3.12 - Sensitive Information Disclosure
</div>
<div class=post-meta><span title="2022-02-21 11:30:03 +0000 UTC">February 21, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;30 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions &lt;= 7.3.11).</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/wpdiscuz/>wpDiscuz</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>90,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 7.3.11</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>7.3.12</p>
<h2 id=advisory-link>Advisory link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23984">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/027e6ef8-39d8-4fa9-957f-f53ee7175c0a>WPScan</a></li>
<li><a href=https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-3-11-sensitive-information-disclosure-vulnerability>Patchstack</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/cve/cve-2022-23983/>
<span class=title>« Prev</span>
<br>
<span>CVE-2022-23983</span>
</a>
<a class=next href=https://daffa.info/cve/cve-2021-24561/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24561</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23984 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2022-23984&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23984%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23984 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23984%2f&title=CVE-2022-23984&summary=CVE-2022-23984&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23984 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23984%2f&title=CVE-2022-23984"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23984 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23984 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2022-23984%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-23984 on telegram" href="https://telegram.me/share/url?text=CVE-2022-23984&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-23984%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,170 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2022-25618 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="wpDataTables < 2.1.28 - Admin+ Stored Cross-Site Scripting">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2022-25618">
<meta property="og:description" content="wpDataTables < 2.1.28 - Admin+ Stored Cross-Site Scripting">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2022-25618/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2022-04-04T11:30:03+00:00">
<meta property="article:modified_time" content="2022-04-04T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2022-25618">
<meta name=twitter:description content="wpDataTables < 2.1.28 - Admin+ Stored Cross-Site Scripting">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2022-25618","item":"https://daffa.info/cve/cve-2022-25618/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2022-25618","name":"CVE-2022-25618","description":"wpDataTables ","keywords":["cve"],"articleBody":"Description Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions Plugin Name wpDataTables\nInstallation Number 60,000+\nAffected Version Fixed Version 2.1.28\nAdvisory link MITRE WPScan Patchstack ","wordCount":"33","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2022-04-04T11:30:03Z","dateModified":"2022-04-04T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2022-25618/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2022-25618
</h1>
<div class=post-description>
wpDataTables &lt; 2.1.28 - Admin+ Stored Cross-Site Scripting
</div>
<div class=post-meta><span title="2022-04-04 11:30:03 +0000 UTC">April 4, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;33 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions &lt;= 2.1.27</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/wpdatatables/>wpDataTables</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>60,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 2.1.27</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>2.1.28</p>
<h2 id=advisory-link>Advisory link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25618">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/02a8b0bc-e434-4be5-8892-cba13d1b4329>WPScan</a></li>
<li><a href=https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability>Patchstack</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/cve/cve-2022-27844/>
<span class=title>« Prev</span>
<br>
<span>CVE-2022-27844</span>
</a>
<a class=next href=https://daffa.info/cve/cve-2022-23983/>
<span class=title>Next »</span>
<br>
<span>CVE-2022-23983</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-25618 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2022-25618&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-25618%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-25618 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-25618%2f&title=CVE-2022-25618&summary=CVE-2022-25618&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-25618 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-25618%2f&title=CVE-2022-25618"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-25618 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-25618 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2022-25618%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-25618 on telegram" href="https://telegram.me/share/url?text=CVE-2022-25618&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-25618%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,170 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2022-27844 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="WPvivid Backup and Migration Plugin < 0.9.71 - Admin+ Arbitrary File Download">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2022-27844">
<meta property="og:description" content="WPvivid Backup and Migration Plugin < 0.9.71 - Admin+ Arbitrary File Download">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2022-27844/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2022-04-11T11:30:03+00:00">
<meta property="article:modified_time" content="2022-04-11T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2022-27844">
<meta name=twitter:description content="WPvivid Backup and Migration Plugin < 0.9.71 - Admin+ Arbitrary File Download">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2022-27844","item":"https://daffa.info/cve/cve-2022-27844/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2022-27844","name":"CVE-2022-27844","description":"WPvivid Backup and Migration Plugin ","keywords":["cve"],"articleBody":"Description Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging WPvivid (WordPress plugin) versions Plugin Name WPvivid\nInstallation Number 200,000+\nAffected Version Fixed Version 0.9.71\nAdvisory link MITRE WPScan Patchstack ","wordCount":"36","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2022-04-11T11:30:03Z","dateModified":"2022-04-11T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2022-27844/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2022-27844
</h1>
<div class=post-description>
WPvivid Backup and Migration Plugin &lt; 0.9.71 - Admin+ Arbitrary File Download
</div>
<div class=post-meta><span title="2022-04-11 11:30:03 +0000 UTC">April 11, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;36 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging WPvivid (WordPress plugin) versions &lt;= 0.9.70</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/wpvivid-backup-restore/>WPvivid</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>200,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 0.9.70</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>0.9.71</p>
<h2 id=advisory-link>Advisory link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27844">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/e15703bd-d23d-46fc-8fc9-a3c6d851df0a>WPScan</a></li>
<li><a href=https://patchstack.com/database/vulnerability/wpvivid-backuprestore/wordpress-wpvivid-plugin-0-9-70-arbitrary-file-read-vulnerability>Patchstack</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/cve/cve-2022-27848/>
<span class=title>« Prev</span>
<br>
<span>CVE-2022-27848</span>
</a>
<a class=next href=https://daffa.info/cve/cve-2022-25618/>
<span class=title>Next »</span>
<br>
<span>CVE-2022-25618</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27844 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2022-27844&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27844%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27844 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27844%2f&title=CVE-2022-27844&summary=CVE-2022-27844&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27844 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27844%2f&title=CVE-2022-27844"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27844 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27844 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2022-27844%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27844 on telegram" href="https://telegram.me/share/url?text=CVE-2022-27844&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27844%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,170 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2022-27848 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Modern Events Calendar Lite < 6.5.2 - Admin+ Stored Cross-Site Scripting">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2022-27848">
<meta property="og:description" content="Modern Events Calendar Lite < 6.5.2 - Admin+ Stored Cross-Site Scripting">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2022-27848/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2022-04-14T11:30:03+00:00">
<meta property="article:modified_time" content="2022-04-14T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2022-27848">
<meta name=twitter:description content="Modern Events Calendar Lite < 6.5.2 - Admin+ Stored Cross-Site Scripting">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2022-27848","item":"https://daffa.info/cve/cve-2022-27848/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2022-27848","name":"CVE-2022-27848","description":"Modern Events Calendar Lite ","keywords":["cve"],"articleBody":"Description Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) Plugin Name Modern Events Calendar Lite\nInstallation Number 100,000+ (Closed)\nAffected Version Fixed Version 6.5.2\nAdvisory link MITRE WPScan Patchstack ","wordCount":"39","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2022-04-14T11:30:03Z","dateModified":"2022-04-14T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2022-27848/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2022-27848
</h1>
<div class=post-description>
Modern Events Calendar Lite &lt; 6.5.2 - Admin+ Stored Cross-Site Scripting
</div>
<div class=post-meta><span title="2022-04-14 11:30:03 +0000 UTC">April 14, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;39 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) &lt;= 6.5.1</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/modern-events-calendar-lite/>Modern Events Calendar Lite</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>100,000+ (Closed)</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 6.5.1</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>6.5.2</p>
<h2 id=advisory-link>Advisory link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27848">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/ef2843d0-f84d-4093-a08b-342ed0848914>WPScan</a></li>
<li><a href=https://patchstack.com/database/vulnerability/modern-events-calendar-lite/wordpress-modern-events-calendar-lite-plugin-6-5-1-authenticated-stored-cross-site-scripting-xss-vulnerability>Patchstack</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/cve/cve-2022-33201/>
<span class=title>« Prev</span>
<br>
<span>CVE-2022-33201</span>
</a>
<a class=next href=https://daffa.info/cve/cve-2022-27844/>
<span class=title>Next »</span>
<br>
<span>CVE-2022-27844</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27848 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2022-27848&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27848%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27848 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27848%2f&title=CVE-2022-27848&summary=CVE-2022-27848&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27848 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27848%2f&title=CVE-2022-27848"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27848 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27848 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2022-27848%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-27848 on telegram" href="https://telegram.me/share/url?text=CVE-2022-27848&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-27848%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,170 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2022-33201 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="MailerLite - Signup forms (official) < 1.5.7 - API Key Update via CSRF">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2022-33201">
<meta property="og:description" content="MailerLite - Signup forms (official) < 1.5.7 - API Key Update via CSRF">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2022-33201/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2022-05-08T11:30:03+00:00">
<meta property="article:modified_time" content="2022-05-08T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2022-33201">
<meta name=twitter:description content="MailerLite - Signup forms (official) < 1.5.7 - API Key Update via CSRF">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2022-33201","item":"https://daffa.info/cve/cve-2022-33201/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2022-33201","name":"CVE-2022-33201","description":"MailerLite - Signup forms (official) ","keywords":["cve"],"articleBody":"Description Cross-Site Request Forgery (CSRF) vulnerability in MailerLite Signup forms (official) plugin Plugin Name MailerLite Signup forms (official)\nInstallation Number 60,000+\nAffected Version Fixed Version 1.5.7\nAdvisory link MITRE WPScan Patchstack ","wordCount":"47","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2022-05-08T11:30:03Z","dateModified":"2022-05-08T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2022-33201/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2022-33201
</h1>
<div class=post-description>
MailerLite - Signup forms (official) &lt; 1.5.7 - API Key Update via CSRF
</div>
<div class=post-meta><span title="2022-05-08 11:30:03 +0000 UTC">May 8, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;47 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>Cross-Site Request Forgery (CSRF) vulnerability in MailerLite Signup forms (official) plugin &lt;= 1.5.7 at WordPress allows an attacker to change the API key.</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/official-mailerlite-sign-up-forms/>MailerLite Signup forms (official)</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>60,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.5.6</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.5.7</p>
<h2 id=advisory-link>Advisory link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33201">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/dcce9241-4903-40dc-98d1-0abc30a3f779>WPScan</a></li>
<li><a href=https://patchstack.com/database/vulnerability/official-mailerlite-sign-up-forms/wordpress-mailerlite-signup-forms-official-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability>Patchstack</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/cve/cve-2022-36346/>
<span class=title>« Prev</span>
<br>
<span>CVE-2022-36346</span>
</a>
<a class=next href=https://daffa.info/cve/cve-2022-27848/>
<span class=title>Next »</span>
<br>
<span>CVE-2022-27848</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-33201 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2022-33201&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-33201%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-33201 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-33201%2f&title=CVE-2022-33201&summary=CVE-2022-33201&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-33201 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-33201%2f&title=CVE-2022-33201"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-33201 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-33201 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2022-33201%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-33201 on telegram" href="https://telegram.me/share/url?text=CVE-2022-33201&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-33201%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,170 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Download Manager < 3.2.49 - Clear Stats & Cache via CSRF">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Download Manager < 3.2.49 - Clear Stats & Cache via CSRF">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2022-34347/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2022-08-22T11:30:03+00:00">
<meta property="article:modified_time" content="2022-08-22T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Download Manager < 3.2.49 - Clear Stats & Cache via CSRF">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2021-24519","item":"https://daffa.info/cve/cve-2022-34347/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Download Manager ","keywords":["cve"],"articleBody":"Description Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin Plugin Name Download Manager\nInstallation Number 100,000+\nAffected Version Fixed Version 3.2.49\nAdvisory Link MITRE WPScan Patchstack ","wordCount":"35","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2022-08-22T11:30:03Z","dateModified":"2022-08-22T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2022-34347/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Download Manager &lt; 3.2.49 - Clear Stats & Cache via CSRF
</div>
<div class=post-meta><span title="2022-08-22 11:30:03 +0000 UTC">August 22, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;35 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin &lt;= 3.2.48 at WordPress.</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/download-manager/>Download Manager</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>100,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 3.2.48</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>3.2.49</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34347">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/1fe07196-52d4-40c5-b01d-69852b4fb9c5>WPScan</a></li>
<li><a href=https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-cross-site-request-forgery-csrf-vulnerability>Patchstack</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/cve/cve-2022-36282/>
<span class=title>« Prev</span>
<br>
<span>CVE-2022-36282</span>
</a>
<a class=next href=https://daffa.info/cve/cve-2022-36346/>
<span class=title>Next »</span>
<br>
<span>CVE-2022-36346</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-34347%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-34347%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-34347%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-34347%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,165 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2022-36282 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Search Exclude < 1.2.7 - Author+ Stored Cross-Site Scripting">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2022-36282">
<meta property="og:description" content="Search Exclude < 1.2.7 - Author+ Stored Cross-Site Scripting">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2022-36282/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2022-08-23T11:30:03+00:00">
<meta property="article:modified_time" content="2022-08-23T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2022-36282">
<meta name=twitter:description content="Search Exclude < 1.2.7 - Author+ Stored Cross-Site Scripting">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2022-36282","item":"https://daffa.info/cve/cve-2022-36282/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2022-36282","name":"CVE-2022-36282","description":"Search Exclude ","keywords":["cve"],"articleBody":"Description Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiys Search Exclude plugin Plugin Name Search Exclude\nInstallation Number 60,000+\nAffected Version Fixed Version 1.2.7\nAdvisory Link MITRE WPScan Patchstack ","wordCount":"37","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2022-08-23T11:30:03Z","dateModified":"2022-08-23T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2022-36282/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2022-36282
</h1>
<div class=post-description>
Search Exclude &lt; 1.2.7 - Author+ Stored Cross-Site Scripting
</div>
<div class=post-meta><span title="2022-08-23 11:30:03 +0000 UTC">August 23, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;37 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy&rsquo;s Search Exclude plugin &lt;= 1.2.6 at WordPress.</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/search-exclude/>Search Exclude</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>60,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.2.6</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.2.7</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36282">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/52841b21-493f-4e63-bcbf-528089955e4f>WPScan</a></li>
<li><a href=https://patchstack.com/database/vulnerability/search-exclude/wordpress-search-exclude-plugin-1-2-6-authenticated-stored-cross-site-scripting-xss-vulnerability>Patchstack</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=next href=https://daffa.info/cve/cve-2022-34347/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36282 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2022-36282&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36282%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36282 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36282%2f&title=CVE-2022-36282&summary=CVE-2022-36282&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36282 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36282%2f&title=CVE-2022-36282"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36282 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36282 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2022-36282%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36282 on telegram" href="https://telegram.me/share/url?text=CVE-2022-36282&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36282%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,170 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2022-36346 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="MaxButtons < 9.3 - Arbitrary Settings Update via CSRF">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2022-36346">
<meta property="og:description" content="MaxButtons < 9.3 - Arbitrary Settings Update via CSRF">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/cve/cve-2022-36346/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="cve">
<meta property="article:published_time" content="2022-08-22T11:30:03+00:00">
<meta property="article:modified_time" content="2022-08-22T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2022-36346">
<meta name=twitter:description content="MaxButtons < 9.3 - Arbitrary Settings Update via CSRF">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"},{"@type":"ListItem","position":2,"name":"CVE-2022-36346","item":"https://daffa.info/cve/cve-2022-36346/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2022-36346","name":"CVE-2022-36346","description":"MaxButtons ","keywords":["cve"],"articleBody":"Description Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin Plugin Name MaxButtons\nInstallation Number 100,000+\nAffected Version Fixed Version 9.3\nAdvisory Link MITRE WPScan Patchstack ","wordCount":"34","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2022-08-22T11:30:03Z","dateModified":"2022-08-22T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/cve/cve-2022-36346/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2022-36346
</h1>
<div class=post-description>
MaxButtons &lt; 9.3 - Arbitrary Settings Update via CSRF
</div>
<div class=post-meta><span title="2022-08-22 11:30:03 +0000 UTC">August 22, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;34 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin &lt;= 9.2 at WordPress.</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/maxbuttons/>MaxButtons</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>100,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 9.2</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>9.3</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36346">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/c1b448e0-430a-4f47-aded-77af8d291232>WPScan</a></li>
<li><a href=https://patchstack.com/database/vulnerability/maxbuttons/wordpress-maxbuttons-plugins-9-2-multiple-cross-site-request-forgery-csrf-vulnerabilities>Patchstack</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/cve/cve-2022-34347/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/cve/cve-2022-33201/>
<span class=title>Next »</span>
<br>
<span>CVE-2022-33201</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36346 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2022-36346&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36346%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36346 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36346%2f&title=CVE-2022-36346&summary=CVE-2022-36346&source=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36346 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36346%2f&title=CVE-2022-36346"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36346 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36346 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2022-36346%20-%20https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2022-36346 on telegram" href="https://telegram.me/share/url?text=CVE-2022-36346&url=https%3a%2f%2fdaffa.info%2fcve%2fcve-2022-36346%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>

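--- /dev/null
+++ b/public/cve/index.html
@@ -0,0 +1,196 @@
+<!doctype html><html lang=en dir=auto>
+<head><meta charset=utf-8>
+<meta http-equiv=x-ua-compatible content="IE=edge">
+<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
+<meta name=robots content="index, follow">
+<title>CVEs | Muhammad Daffa</title>
+<meta name=keywords content>
+<meta name=description content="List of all my CVEs">
+<meta name=author content="Muhammad Daffa">
+<link rel=canonical href=https://daffa.info/cve/>
+<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
+<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<meta name=theme-color content="#2e2e33">
+<meta name=msapplication-TileColor content="#2e2e33">
+<link rel=alternate type=application/rss+xml href=https://daffa.info/cve/index.xml>
+<noscript>
+<style>#theme-toggle,.top-link{display:none}</style>
+<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
+</noscript><meta property="og:title" content="CVEs">
+<meta property="og:description" content="Portfolio by Muhammad Daffa">
+<meta property="og:type" content="website">
+<meta property="og:url" content="https://daffa.info/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
+<meta name=twitter:card content="summary_large_image">
+<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
+<meta name=twitter:title content="CVEs">
+<meta name=twitter:description content="Portfolio by Muhammad Daffa">
+<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"CVEs","item":"https://daffa.info/cve/"}]}</script>
+</head>
+<body class=list id=top>
+<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
+<header class=header>
+<nav class=nav>
+<div class=logo>
+<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
+<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
+<div class=logo-switches>
+<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
+</button>
+</div>
+</div>
+<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
+</button>
+<ul class="menu hidden">
+<li>
+<a href=https://daffa.info/profile/ title=About>
+<span>About</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/blog/ title=Blog>
+<span>Blog</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/portfolio/ title=Portfolio>
+<span>Portfolio</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
+<span>Search</span>
+</a>
+</li>
+</ul>
+</nav>
+</header>
+<main class=main>
+<header class=page-header>
+<h1>CVEs</h1>
+</header>
+<div class=archive-year>
+<h2 class=archive-year-header>2022<sup class=archive-count>&nbsp;&nbsp;9</sup>
+</h2>
+<div class=archive-month>
+<h3 class=archive-month-header>August<sup class=archive-count>&nbsp;&nbsp;3</sup></h3>
+<div class=archive-posts>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2022-36282
+</h3>
+<div class=archive-meta><span title="2022-08-23 11:30:03 +0000 UTC">August 23, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;37 words&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2022-36282" href=https://daffa.info/cve/cve-2022-36282/></a>
+</div>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2021-24519
+</h3>
+<div class=archive-meta><span title="2022-08-22 11:30:03 +0000 UTC">August 22, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;35 words&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/cve/cve-2022-34347/></a>
+</div>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2022-36346
+</h3>
+<div class=archive-meta><span title="2022-08-22 11:30:03 +0000 UTC">August 22, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;34 words&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2022-36346" href=https://daffa.info/cve/cve-2022-36346/></a>
+</div>
+</div>
+</div>
+<div class=archive-month>
+<h3 class=archive-month-header>May<sup class=archive-count>&nbsp;&nbsp;1</sup></h3>
+<div class=archive-posts>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2022-33201
+</h3>
+<div class=archive-meta><span title="2022-05-08 11:30:03 +0000 UTC">May 8, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;47 words&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2022-33201" href=https://daffa.info/cve/cve-2022-33201/></a>
+</div>
+</div>
+</div>
+<div class=archive-month>
+<h3 class=archive-month-header>April<sup class=archive-count>&nbsp;&nbsp;3</sup></h3>
+<div class=archive-posts>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2022-27848
+</h3>
+<div class=archive-meta><span title="2022-04-14 11:30:03 +0000 UTC">April 14, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;39 words&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2022-27848" href=https://daffa.info/cve/cve-2022-27848/></a>
+</div>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2022-27844
+</h3>
+<div class=archive-meta><span title="2022-04-11 11:30:03 +0000 UTC">April 11, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;36 words&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2022-27844" href=https://daffa.info/cve/cve-2022-27844/></a>
+</div>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2022-25618
+</h3>
+<div class=archive-meta><span title="2022-04-04 11:30:03 +0000 UTC">April 4, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;33 words&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2022-25618" href=https://daffa.info/cve/cve-2022-25618/></a>
+</div>
+</div>
+</div>
+<div class=archive-month>
+<h3 class=archive-month-header>February<sup class=archive-count>&nbsp;&nbsp;2</sup></h3>
+<div class=archive-posts>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2022-23983
+</h3>
+<div class=archive-meta><span title="2022-02-21 11:30:03 +0000 UTC">February 21, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;51 words&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2022-23983" href=https://daffa.info/cve/cve-2022-23983/></a>
+</div>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2022-23984
+</h3>
+<div class=archive-meta><span title="2022-02-21 11:30:03 +0000 UTC">February 21, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;30 words&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2022-23984" href=https://daffa.info/cve/cve-2022-23984/></a>
+</div>
+</div>
+</div>
+</div>
+<div class=archive-year>
+<h2 class=archive-year-header>2021<sup class=archive-count>&nbsp;&nbsp;3</sup>
+</h2>
+<div class=archive-month>
+<h3 class=archive-month-header>July<sup class=archive-count>&nbsp;&nbsp;3</sup></h3>
+<div class=archive-posts>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2021-24561
+</h3>
+<div class=archive-meta><span title="2021-07-26 11:30:03 +0000 UTC">July 26, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2021-24561" href=https://daffa.info/cve/cve-2021-24561/></a>
+</div>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2021-24531
+</h3>
+<div class=archive-meta><span title="2021-07-21 11:30:03 +0000 UTC">July 21, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2021-24531" href=https://daffa.info/cve/cve-2021-24531/></a>
+</div>
+<div class=archive-entry>
+<h3 class=archive-entry-title>CVE-2021-24519
+</h3>
+<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</div>
+<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/cve/cve-2021-24519/></a>
+</div>
+</div>
+</div>
+</div>
+</main>
+<footer class=footer>
+<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
+<span>
+Powered by
+<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
+<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
+</span>
+</footer>
+<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
+</a>
+<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
+<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
+<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
+<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
+</body>
+</html>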
122
public/cve/index.xml Normal file

@ -0,0 +1,122 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>CVEs on Muhammad Daffa</title>
<link>https://daffa.info/cve/</link>
<description>Recent content in CVEs on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Tue, 23 Aug 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/cve/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2022-36282</title>
<link>https://daffa.info/cve/cve-2022-36282/</link>
<pubDate>Tue, 23 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36282/</guid>
<description>Search Exclude &amp;lt; 1.2.7 - Author&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/cve/cve-2022-34347/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-34347/</guid>
<description>Download Manager &amp;lt; 3.2.49 - Clear Stats &amp;amp; Cache via CSRF</description>
</item>
<item>
<title>CVE-2022-36346</title>
<link>https://daffa.info/cve/cve-2022-36346/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36346/</guid>
<description>MaxButtons &amp;lt; 9.3 - Arbitrary Settings Update via CSRF</description>
</item>
<item>
<title>CVE-2022-33201</title>
<link>https://daffa.info/cve/cve-2022-33201/</link>
<pubDate>Sun, 08 May 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-33201/</guid>
<description>MailerLite - Signup forms (official) &amp;lt; 1.5.7 - API Key Update via CSRF</description>
</item>
<item>
<title>CVE-2022-27848</title>
<link>https://daffa.info/cve/cve-2022-27848/</link>
<pubDate>Thu, 14 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-27848/</guid>
<description>Modern Events Calendar Lite &amp;lt; 6.5.2 - Admin&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-27844</title>
<link>https://daffa.info/cve/cve-2022-27844/</link>
<pubDate>Mon, 11 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-27844/</guid>
<description>WPvivid Backup and Migration Plugin &amp;lt; 0.9.71 - Admin&#43; Arbitrary File Download</description>
</item>
<item>
<title>CVE-2022-25618</title>
<link>https://daffa.info/cve/cve-2022-25618/</link>
<pubDate>Mon, 04 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-25618/</guid>
<description>wpDataTables &amp;lt; 2.1.28 - Admin&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-23983</title>
<link>https://daffa.info/cve/cve-2022-23983/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-23983/</guid>
<description>WP Content Copy Protection &amp;amp; No Right Click &amp;lt; 3.4.5 - Settings Update via CSRF</description>
</item>
<item>
<title>CVE-2022-23984</title>
<link>https://daffa.info/cve/cve-2022-23984/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-23984/</guid>
<description>wpDiscuz &amp;lt; 7.3.12 - Sensitive Information Disclosure</description>
</item>
<item>
<title>CVE-2021-24561</title>
<link>https://daffa.info/cve/cve-2021-24561/</link>
<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24561/</guid>
<description>WP SMS &amp;lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2021-24531</title>
<link>https://daffa.info/cve/cve-2021-24531/</link>
<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24531/</guid>
<description>Charitable - Donation Plugin &amp;lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/cve/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24519/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
</channel>
</rss>


@ -0,0 +1 @@
<!doctype html><html><head><title>https://daffa.info/cve/</title><link rel=canonical href=https://daffa.info/cve/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/cve/"></head></html>

114
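--- a/public/index.html
+++ b/public/index.html
@@ -0,0 +1,114 @@
+<!doctype html><html lang=en dir=auto>
+<head>
+<meta name=generator content="Hugo 0.92.2"><meta charset=utf-8>
+<meta http-equiv=x-ua-compatible content="IE=edge">
+<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
+<meta name=robots content="index, follow">
+<title>Muhammad Daffa</title>
+<meta name=keywords content="Blog,Portfolio">
+<meta name=description content="Portfolio by Muhammad Daffa">
+<meta name=author content="Muhammad Daffa">
+<link rel=canonical href=https://daffa.info/>
+<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
+<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<meta name=theme-color content="#2e2e33">
+<meta name=msapplication-TileColor content="#2e2e33">
+<link rel=alternate type=application/rss+xml href=https://daffa.info/index.xml>
+<link rel=alternate type=application/json href=https://daffa.info/index.json>
+<noscript>
+<style>#theme-toggle,.top-link{display:none}</style>
+<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
+</noscript><meta property="og:title" content="Muhammad Daffa">
+<meta property="og:description" content="Portfolio by Muhammad Daffa">
+<meta property="og:type" content="website">
+<meta property="og:url" content="https://daffa.info/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
+<meta name=twitter:card content="summary_large_image">
+<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
+<meta name=twitter:title content="Muhammad Daffa">
+<meta name=twitter:description content="Portfolio by Muhammad Daffa">
+<script type=application/ld+json>{"@context":"https://schema.org","@type":"Organization","name":"Muhammad Daffa","url":"https://daffa.info/","description":"Portfolio by Muhammad Daffa","thumbnailUrl":"https://daffa.info/%3Clink%20/%20abs%20url%3E","sameAs":["https://twitter.com/daffainfo","https://www.linkedin.com/in/muhdaffa","https://muhdaffa.medium.com/","https://github.com/daffainfo","mailto:muhammaddaffa.info@gmail.com"]}</script>
+</head>
+<body class=list id=top>
+<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
+<header class=header>
+<nav class=nav>
+<div class=logo>
+<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
+<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
+<div class=logo-switches>
+<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
+</button>
+</div>
+</div>
+<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
+</button>
+<ul class="menu hidden">
+<li>
+<a href=https://daffa.info/profile/ title=About>
+<span>About</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/blog/ title=Blog>
+<span>Blog</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/portfolio/ title=Portfolio>
+<span>Portfolio</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
+<span>Search</span>
+</a>
+</li>
+</ul>
+</nav>
+</header>
+<main class=main><div class=profile>
+<div class=profile_inner>
+<img draggable=false src=https://avatars.githubusercontent.com/u/36522826 alt="Muhammad Daffa" title="Muhammad Daffa" height=200 width=200>
+<h1>Muhammad Daffa</h1>
+<span>Vulnerability Researcher at spiderSilk</span><div class=social-icons>
+<a href=https://twitter.com/daffainfo target=_blank rel="noopener noreferrer me" title=Twitter><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M23 3a10.9 10.9.0 01-3.14 1.53 4.48 4.48.0 00-7.86 3v1A10.66 10.66.0 013 4s-4 9 5 13a11.64 11.64.0 01-7 2c9 5 20 0 20-11.5a4.5 4.5.0 00-.08-.83A7.72 7.72.0 0023 3z"/></svg>
+</a>
+<a href=https://www.linkedin.com/in/muhdaffa target=_blank rel="noopener noreferrer me" title=Linkedin><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M16 8a6 6 0 016 6v7h-4v-7a2 2 0 00-2-2 2 2 0 00-2 2v7h-4v-7a6 6 0 016-6z"/><rect x="2" y="9" width="4" height="12"/><circle cx="4" cy="4" r="2"/></svg>
+</a>
+<a href=https://muhdaffa.medium.com/ target=_blank rel="noopener noreferrer me" title=Medium><svg version="1.0" xmlns="http://www.w3.org/2000/svg" fill="currentcolor" stroke-width="2" viewBox="0 0 76 76"><g transform="translate(0.000000,76.000000) scale(0.100000,-0.100000)"><path d="M0 380V0h380 380v380 380H380 0V380zm334 85c30-63 57-115 59-115s16 30 31 68c15 37 37 88 49 115l20 47h76l76-1-27-20-28-21V387c0-150 0-151 27-179l27-28H535 426l27 28c26 27 27 32 26 143 0 131 3 134-71-58-24-62-48-113-53-113-6 0-17 16-24 35s-36 83-64 142l-52 108-3-98c-3-97-2-99 28-133 16-19 30-39 30-44 0-6-31-10-70-10-45 0-70 4-70 11 0 6 14 27 30 46 30 33 30 35 30 151s0 118-31 155l-30 37h75 76l54-115z"/></g></svg>
+</a>
+<a href=https://github.com/daffainfo target=_blank rel="noopener noreferrer me" title=Github><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M9 19c-5 1.5-5-2.5-7-3m14 6v-3.87a3.37 3.37.0 00-.94-2.61c3.14-.35 6.44-1.54 6.44-7A5.44 5.44.0 0020 4.77 5.07 5.07.0 0019.91 1S18.73.65 16 2.48a13.38 13.38.0 00-7 0C6.27.65 5.09 1 5.09 1A5.07 5.07.0 005 4.77 5.44 5.44.0 003.5 8.55c0 5.42 3.3 6.61 6.44 7A3.37 3.37.0 009 18.13V22"/></svg>
+</a>
+<a href=mailto:muhammaddaffa.info@gmail.com target=_blank rel="noopener noreferrer me" title=Email><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 21" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M4 4h16c1.1.0 2 .9 2 2v12c0 1.1-.9 2-2 2H4c-1.1.0-2-.9-2-2V6c0-1.1.9-2 2-2z"/><polyline points="22,6 12,13 2,6"/></svg>
+</a>
+</div>
+<div class=buttons>
+<a class=button href=profile rel=noopener title="Read More">
+<span class=button-inner>
+Read More
+</span>
+</a>
+</div>
+</div>
+</div>
+</main>
+<footer class=footer>
+<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
+<span>
+Powered by
+<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
+<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
+</span>
+</footer>
+<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
+</a>
+<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
+<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
+<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
+<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
+</body>
+</html>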

1
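--- a/public/index.json
+++ b/public/index.json
@@ -0,0 +1 @@
+[{"content":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the \u0026lsquo;Text Next to Icon\u0026rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nInstallation Number 1,000+\nAffected Version \u0026lt;= 1.1.9\nFixed Version 1.1.10\nAdvisory Link MITRE WPScan ","permalink":"https://daffa.info/cve/cve-2021-24519/","summary":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the \u0026lsquo;Text Next to Icon\u0026rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nInstallation Number 1,000+\nAffected Version \u0026lt;= 1.1.9\nFixed Version 1.1.10\nAdvisory Link MITRE WPScan ","title":"CVE-2021-24519"}]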

123
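--- a/public/index.xml
+++ b/public/index.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
+<channel>
+<title>Muhammad Daffa</title>
+<link>https://daffa.info/</link>
+<description>Recent content on Muhammad Daffa</description>
+<image>
+<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
+<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
+</image>
+<generator>Hugo -- gohugo.io</generator>
+<lastBuildDate>Tue, 23 Aug 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/index.xml" rel="self" type="application/rss+xml" />
+<item>
+<title>CVE-2022-36282</title>
+<link>https://daffa.info/cve/cve-2022-36282/</link>
+<pubDate>Tue, 23 Aug 2022 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2022-36282/</guid>
+<description>Search Exclude &amp;lt; 1.2.7 - Author&#43; Stored Cross-Site Scripting</description>
+</item>
+<item>
+<title>CVE-2021-24519</title>
+<link>https://daffa.info/cve/cve-2022-34347/</link>
+<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2022-34347/</guid>
+<description>Download Manager &amp;lt; 3.2.49 - Clear Stats &amp;amp; Cache via CSRF</description>
+</item>
+<item>
+<title>CVE-2022-36346</title>
+<link>https://daffa.info/cve/cve-2022-36346/</link>
+<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2022-36346/</guid>
+<description>MaxButtons &amp;lt; 9.3 - Arbitrary Settings Update via CSRF</description>
+</item>
+<item>
+<title>CVE-2022-33201</title>
+<link>https://daffa.info/cve/cve-2022-33201/</link>
+<pubDate>Sun, 08 May 2022 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2022-33201/</guid>
+<description>MailerLite - Signup forms (official) &amp;lt; 1.5.7 - API Key Update via CSRF</description>
+</item>
+<item>
+<title>CVE-2022-27848</title>
+<link>https://daffa.info/cve/cve-2022-27848/</link>
+<pubDate>Thu, 14 Apr 2022 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2022-27848/</guid>
+<description>Modern Events Calendar Lite &amp;lt; 6.5.2 - Admin&#43; Stored Cross-Site Scripting</description>
+</item>
+<item>
+<title>CVE-2022-27844</title>
+<link>https://daffa.info/cve/cve-2022-27844/</link>
+<pubDate>Mon, 11 Apr 2022 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2022-27844/</guid>
+<description>WPvivid Backup and Migration Plugin &amp;lt; 0.9.71 - Admin&#43; Arbitrary File Download</description>
+</item>
+<item>
+<title>CVE-2022-25618</title>
+<link>https://daffa.info/cve/cve-2022-25618/</link>
+<pubDate>Mon, 04 Apr 2022 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2022-25618/</guid>
+<description>wpDataTables &amp;lt; 2.1.28 - Admin&#43; Stored Cross-Site Scripting</description>
+</item>
+<item>
+<title>CVE-2022-23983</title>
+<link>https://daffa.info/cve/cve-2022-23983/</link>
+<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2022-23983/</guid>
+<description>WP Content Copy Protection &amp;amp; No Right Click &amp;lt; 3.4.5 - Settings Update via CSRF</description>
+</item>
+<item>
+<title>CVE-2022-23984</title>
+<link>https://daffa.info/cve/cve-2022-23984/</link>
+<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2022-23984/</guid>
+<description>wpDiscuz &amp;lt; 7.3.12 - Sensitive Information Disclosure</description>
+</item>
+<item>
+<title>CVE-2021-24561</title>
+<link>https://daffa.info/cve/cve-2021-24561/</link>
+<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2021-24561/</guid>
+<description>WP SMS &amp;lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
+</item>
+<item>
+<title>CVE-2021-24531</title>
+<link>https://daffa.info/cve/cve-2021-24531/</link>
+<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2021-24531/</guid>
+<description>Charitable - Donation Plugin &amp;lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
+</item>
+<item>
+<title>CVE-2021-24519</title>
+<link>https://daffa.info/cve/cve-2021-24519/</link>
+<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
+<guid>https://daffa.info/cve/cve-2021-24519/</guid>
+<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
+</item>
+</channel>
+</rss>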

1
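--- a/public/page/1/index.html
+++ b/public/page/1/index.html
@@ -0,0 +1 @@
+<!doctype html><html><head><title>https://daffa.info/</title><link rel=canonical href=https://daffa.info/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/"></head></html>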


@ -0,0 +1,169 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2021-24519/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2021-24519/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nInstallation Number 1,000+\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"64","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2021-24519/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>1,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2021-24531/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24531</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-23983/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,169 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24531 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24531">
<meta property="og:description" content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2021-24531/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-21T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-21T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24531">
<meta name=twitter:description content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24531","item":"https://daffa.info/portfolio/cve/cve-2021-24531/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24531","name":"CVE-2021-24531","description":"Charitable - Donation Plugin ","keywords":["cve"],"articleBody":"Description The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.\nPlugin Name Charitable\nInstallation Number 10,000+\nAffected Version Fixed Version 1.6.51\nAdvisory Link MITRE WPScan ","wordCount":"44","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-21T11:30:03Z","dateModified":"2021-07-21T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2021-24531/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24531
</h1>
<div class=post-description>
Charitable - Donation Plugin &lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-21 11:30:03 +0000 UTC">July 21, 2021</span>&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/charitable/>Charitable</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>10,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.6.50</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.6.51</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24531">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2021-24561/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24561</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2021-24519/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24531&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f&title=CVE-2021-24531&summary=CVE-2021-24531&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f&title=CVE-2021-24531"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24531%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24531&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
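Review bot: The `<link rel=canonical href=https://canonical.url/to/page>` in this page's head points at a domain the site does not control, so search engines are told the authoritative copy of this CVE write-up lives elsewhere and whoever registers `canonical.url` inherits that credit and can host a lookalike; since this file is Hugo output, the fix belongs in the post's front matter (PaperMod appears to render this from a `canonicalURL` key, so remove or correct it) so the tag becomes `<link rel=canonical href=https://daffa.info/portfolio/cve/cve-2021-24531/>`. The favicon, apple-touch-icon and mask-icon links all resolve to `https://daffa.info/%3Clink%20/%20abs%20url%3E`, and og:image / twitter:image to `%3Cimage%20path/url%3E`, which are the unedited placeholder values from `params.assets` in config.yml and will 404 on every page load until real paths are set or the keys are removed. The breadcrumb label "Placeholder Text" in both the visible breadcrumbs and the BreadcrumbList JSON-LD presumably comes from the portfolio section's front-matter title and should be renamed. Separately, the first inline script ends with `document.querySelector("#cd").innerText=(new Date).getFullYear()` but no element with id `cd` exists in this page (the footer year is hardcoded), so that statement throws a TypeError after the menu listeners are registered; either add `<span id=cd>` to the footer template or drop the statement.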


@ -0,0 +1,164 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24561 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24561">
<meta property="og:description" content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2021-24561/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-26T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-26T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24561">
<meta name=twitter:description content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24561","item":"https://daffa.info/portfolio/cve/cve-2021-24561/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24561","name":"CVE-2021-24561","description":"WP SMS ","keywords":["cve"],"articleBody":"Description The WP SMS WordPress plugin before 5.4.13 does not sanitise the “wp_group_name” parameter before outputting it back in the “Groups” page, leading to an Authenticated Stored Cross-Site Scripting issue\nPlugin Name WP SMS Messaging \u0026 SMS Notification for WordPress, WooCommerce, GravityForms, etc\nInstallation Number 8,000+\nAffected Version Fixed Version 5.4.13\nAdvisory link MITRE WPScan ","wordCount":"58","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-26T11:30:03Z","dateModified":"2021-07-26T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2021-24561/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24561
</h1>
<div class=post-description>
WP SMS &lt; 5.4.13 - Authenticated Stored Cross-Site Scripting
</div>
<div class=post-meta><span title="2021-07-26 11:30:03 +0000 UTC">July 26, 2021</span>&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The WP SMS WordPress plugin before 5.4.13 does not sanitise the &ldquo;wp_group_name&rdquo; parameter before outputting it back in the &ldquo;Groups&rdquo; page, leading to an Authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/wp-sms/>WP SMS Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>8,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 5.4.12</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>5.4.13</p>
<h2 id=advisory-link>Advisory link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24561">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/5433ef4c-4451-4b6e-992b-69c5eccabf90>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=next href=https://daffa.info/portfolio/cve/cve-2021-24531/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24531</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24561&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f&title=CVE-2021-24561&summary=CVE-2021-24561&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f&title=CVE-2021-24561"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24561%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24561&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,166 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-23983/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-23983/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-23983/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2021-24519/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-23984/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,166 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-23984/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-23984/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-23984/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-23983/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-25618/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
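Review bot: This page is published at `https://daffa.info/portfolio/cve/cve-2022-23984/` (og:url, breadcrumb JSON-LD, share links) but its title, description and body are those of CVE-2021-24519 (VikRentCar stored XSS), and the neighbouring sections show the same CVE-2021-24519 content at cve-2022-23983 and cve-2022-25618, so readers following the URL get an advisory for a different vulnerability than the path names. The mismatch is in the content front matter/body of each cve-2022-* entry rather than in the template, so those source files need their own `title`, `description` and body before regenerating. Separately, `<link rel=canonical href=https://canonical.url/to/page>` and the five favicon `<link>` tags still carry the theme's example placeholders (`canonicalURL` sample value and `<link / abs url>`, URL-encoded to `%3Clink%20/%20abs%20url%3E`), which makes search engines treat an unrelated host as canonical for the page; either set real values or drop the `canonicalURL` front-matter key and the favicon entries so the theme omits the tags.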


@ -0,0 +1,166 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-25618/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-25618/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-25618/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-23984/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-27844/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,166 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-27844/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-27844/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-27844/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-25618/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-27848/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,166 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-27848/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-27848/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-27848/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-27844/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-33201/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,166 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-33201/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-33201/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-33201/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-27848/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-34347/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,166 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-34347/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-34347/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-34347/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-33201/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-36282/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
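Review bot: The content of this page — the `<h1>` title, the post-description, the advisory paragraph, the `<= 1.1.9` / `1.1.10` versions and the MITRE/WPScan links — all describe CVE-2021-24519 (VikRentCar stored XSS), while `og:url`, the BreadcrumbList JSON-LD and every share link place the page at `/portfolio/cve/cve-2022-34347/`, and the prev/next links to `cve-2022-33201` and `cve-2022-36282` carry the same CVE-2021-24519 title, so this URL appears to be publishing the wrong advisory and the real CVE-2022-34347 details are absent. This HTML is Hugo build output, so the fix belongs in that page's markdown source (front-matter `title`/`description` and the body) followed by a rebuild, not in this file. Separately, `<link rel=canonical href=https://canonical.url/to/page>` is the theme's sample placeholder and points crawlers at a domain the site does not control as the authoritative copy; either drop `canonicalURL` from the front matter or set it to the page's own address, e.g. `canonicalURL: "https://daffa.info/portfolio/cve/cve-2022-34347/"`. The five icon links whose href ends in `%3Clink%20/%20abs%20url%3E` are likewise the literal, URL-encoded text `<link / abs url>` left from an unfilled theme setting and should be given real paths or removed.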


@ -0,0 +1,166 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-36282/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-36282/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-36282/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-34347/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-36346/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,161 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-36346/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-36346/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-36346/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-36282/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,172 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVEs | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="List of all my CVEs">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/portfolio/cve/>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<link rel=alternate type=application/rss+xml href=https://daffa.info/portfolio/cve/index.xml>
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVEs">
<meta property="og:description" content="Portfolio by Muhammad Daffa">
<meta property="og:type" content="website">
<meta property="og:url" content="https://daffa.info/portfolio/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="CVEs">
<meta name=twitter:description content="Portfolio by Muhammad Daffa">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"}]}</script>
</head>
<body class=list id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<header class=page-header>
<h1>CVEs</h1>
</header>
<div class=archive-year>
<h2 class=archive-year-header>2021<sup class=archive-count>&nbsp;&nbsp;12</sup>
</h2>
<div class=archive-month>
<h3 class=archive-month-header>July<sup class=archive-count>&nbsp;&nbsp;12</sup></h3>
<div class=archive-posts>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24561
</h3>
<div class=archive-meta><span title="2021-07-26 11:30:03 +0000 UTC">July 26, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24561" href=https://daffa.info/portfolio/cve/cve-2021-24561/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24531
</h3>
<div class=archive-meta><span title="2021-07-21 11:30:03 +0000 UTC">July 21, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24531" href=https://daffa.info/portfolio/cve/cve-2021-24531/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2021-24519/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-23983/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-23984/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-25618/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-27844/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-27848/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-33201/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-34347/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-36282/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-36346/></a>
</div>
</div>
</div>
</div>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,122 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>CVEs on Muhammad Daffa</title>
<link>https://daffa.info/portfolio/cve/</link>
<description>Recent content in CVEs on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Mon, 26 Jul 2021 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/portfolio/cve/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2021-24561</title>
<link>https://daffa.info/portfolio/cve/cve-2021-24561/</link>
<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2021-24561/</guid>
<description>WP SMS &amp;lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2021-24531</title>
<link>https://daffa.info/portfolio/cve/cve-2021-24531/</link>
<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2021-24531/</guid>
<description>Charitable - Donation Plugin &amp;lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2021-24519/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-23983/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-23983/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-23984/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-23984/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-25618/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-25618/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-27844/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-27844/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-27848/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-27848/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-33201/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-33201/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-34347/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-34347/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-36282/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-36282/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-36346/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-36346/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
</channel>
</rss>

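--- a/public/portfolio/index.html
+++ b/public/portfolio/index.html
@@ -0,0 +1,102 @@
+<!doctype html><html lang=en dir=auto>
+<head><meta charset=utf-8>
+<meta http-equiv=x-ua-compatible content="IE=edge">
+<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
+<meta name=robots content="index, follow">
+<title>Placeholder Text | Muhammad Daffa</title>
+<meta name=keywords content="markdown,text">
+<meta name=description content="Lorem Ipsum Dolor Si Amet">
+<meta name=author content="Muhammad Daffa">
+<link rel=canonical href=https://daffa.info/portfolio/>
+<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
+<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<meta name=theme-color content="#2e2e33">
+<meta name=msapplication-TileColor content="#2e2e33">
+<link rel=alternate type=application/rss+xml href=https://daffa.info/portfolio/index.xml>
+<noscript>
+<style>#theme-toggle,.top-link{display:none}</style>
+<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
+</noscript><meta property="og:title" content="Placeholder Text">
+<meta property="og:description" content="Lorem Ipsum Dolor Si Amet">
+<meta property="og:type" content="website">
+<meta property="og:url" content="https://daffa.info/portfolio/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
+<meta name=twitter:card content="summary_large_image">
+<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
+<meta name=twitter:title content="Placeholder Text">
+<meta name=twitter:description content="Lorem Ipsum Dolor Si Amet">
+<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"}]}</script>
+</head>
+<body class=list id=top>
+<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
+<header class=header>
+<nav class=nav>
+<div class=logo>
+<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
+<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
+<div class=logo-switches>
+<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
+</button>
+</div>
+</div>
+<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
+</button>
+<ul class="menu hidden">
+<li>
+<a href=https://daffa.info/profile/ title=About>
+<span>About</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/blog/ title=Blog>
+<span>Blog</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/portfolio/ title=Portfolio>
+<span class=active>Portfolio</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
+<span>Search</span>
+</a>
+</li>
+</ul>
+</nav>
+</header>
+<main class=main>
+<header class=page-header>
+<h1>
+Placeholder Text
+<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg>
+</a>
+</h1>
+<div class=post-description>
+Lorem Ipsum Dolor Si Amet
+</div>
+</header>
+<div class=post-content><p>Test
+Test
+Test</p>
+</div>
+</main>
+<footer class=footer>
+<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
+<span>
+Powered by
+<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
+<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
+</span>
+</footer>
+<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
+</a>
+<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
+<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
+<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
+<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
+</body>
+</html>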


@ -0,0 +1,14 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>Placeholder Text on Muhammad Daffa</title>
<link>https://daffa.info/portfolio/</link>
<description>Recent content in Placeholder Text on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/portfolio/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>


@ -0,0 +1 @@
<!doctype html><html><head><title>https://daffa.info/portfolio/</title><link rel=canonical href=https://daffa.info/portfolio/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/portfolio/"></head></html>


@ -0,0 +1,151 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css integrity="sha256-vBFJ9KcqpIWNOp9xRi915YhP/oBz6p1tV2HVZj1lHiA=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/posts/cve-2021-24519/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="posts">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://daffa.info/posts/"},{"@type":"ListItem","position":2,"name":"CVE-2021-24519","item":"https://daffa.info/posts/cve-2021-24519/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/posts/cve-2021-24519/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<ul id=menu>
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/cve/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=mailto:muhammaddaffa.info@gmail.com title="Contact Me">
<span>Contact Me</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/posts/>Posts</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,116 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE 2021 24561 | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="CVE 2021 24561 - Muhammad Daffa">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/posts/cve-2021-24561/>
<link crossorigin=anonymous href=/assets/css/stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css integrity="sha256-vBFJ9KcqpIWNOp9xRi915YhP/oBz6p1tV2HVZj1lHiA=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE 2021 24561">
<meta property="og:description" content>
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/posts/cve-2021-24561/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="article:section" content="posts">
<meta property="article:published_time" content="2022-09-09T17:01:20+00:00">
<meta property="article:modified_time" content="2022-09-09T17:01:20+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="CVE 2021 24561">
<meta name=twitter:description content>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://daffa.info/posts/"},{"@type":"ListItem","position":2,"name":"CVE 2021 24561","item":"https://daffa.info/posts/cve-2021-24561/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE 2021 24561","name":"CVE 2021 24561","description":"","keywords":[],"articleBody":"","wordCount":"0","inLanguage":"en","datePublished":"2022-09-09T17:01:20Z","dateModified":"2022-09-09T17:01:20Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/posts/cve-2021-24561/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<ul id=menu>
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/cve/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=mailto:muhammaddaffa.info@gmail.com title="Contact Me">
<span>Contact Me</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/posts/>Posts</a></div>
<h1 class=post-title>
CVE 2021 24561<sup><span class=entry-isdraft>&nbsp;&nbsp;[draft]</span></sup>
</h1>
<div class=post-meta><span title="2022-09-09 17:01:20 +0000 UTC">September 9, 2022</span>&nbsp;·&nbsp;0 min&nbsp;·&nbsp;0 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header>
<footer class=post-footer>
<ul class=post-tags>
</ul>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on twitter" href="https://twitter.com/intent/tweet/?text=CVE%202021%2024561&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f&hashtags="><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f&title=CVE%202021%2024561&summary=CVE%202021%2024561&source=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f&title=CVE%202021%2024561"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on whatsapp" href="https://api.whatsapp.com/send?text=CVE%202021%2024561%20-%20https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on telegram" href="https://telegram.me/share/url?text=CVE%202021%2024561&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>

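--- a/public/posts/index.html
+++ b/public/posts/index.html
@@ -0,0 +1,118 @@
+<!doctype html><html lang=en dir=auto>
+<head><meta charset=utf-8>
+<meta http-equiv=x-ua-compatible content="IE=edge">
+<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
+<meta name=robots content="index, follow">
+<title>Posts | Muhammad Daffa</title>
+<meta name=keywords content>
+<meta name=description content="Posts - Muhammad Daffa">
+<meta name=author content="Muhammad Daffa">
+<link rel=canonical href=https://daffa.info/posts/>
+<link crossorigin=anonymous href=/assets/css/stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css integrity="sha256-vBFJ9KcqpIWNOp9xRi915YhP/oBz6p1tV2HVZj1lHiA=" rel="preload stylesheet" as=style>
+<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<meta name=theme-color content="#2e2e33">
+<meta name=msapplication-TileColor content="#2e2e33">
+<link rel=alternate type=application/rss+xml href=https://daffa.info/posts/index.xml>
+<noscript>
+<style>#theme-toggle,.top-link{display:none}</style>
+<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
+</noscript><meta property="og:title" content="Posts">
+<meta property="og:description" content="Portfolio by Muhammad Daffa">
+<meta property="og:type" content="website">
+<meta property="og:url" content="https://daffa.info/posts/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
+<meta name=twitter:card content="summary_large_image">
+<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
+<meta name=twitter:title content="Posts">
+<meta name=twitter:description content="Portfolio by Muhammad Daffa">
+<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://daffa.info/posts/"}]}</script>
+</head>
+<body class=list id=top>
+<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
+<header class=header>
+<nav class=nav>
+<div class=logo>
+<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
+<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
+<div class=logo-switches>
+<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
+</button>
+</div>
+</div>
+<ul id=menu>
+<li>
+<a href=https://daffa.info/profile/ title=About>
+<span>About</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/blog/ title=Blog>
+<span>Blog</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/cve/ title=Portfolio>
+<span>Portfolio</span>
+</a>
+</li>
+<li>
+<a href=mailto:muhammaddaffa.info@gmail.com title="Contact Me">
+<span>Contact Me</span>
+</a>
+</li>
+</ul>
+</nav>
+</header>
+<main class=main>
+<header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a></div>
+<h1>
+Posts
+<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg>
+</a>
+</h1>
+</header>
+<article class=post-entry>
+<header class=entry-header>
+<h2>CVE 2021 24561<sup><span class=entry-isdraft>&nbsp;&nbsp;[draft]</span></sup>
+</h2>
+</header>
+<div class=entry-content>
+<p></p>
+</div>
+<footer class=entry-footer><span title="2022-09-09 17:01:20 +0000 UTC">September 9, 2022</span>&nbsp;·&nbsp;0 min&nbsp;·&nbsp;0 words&nbsp;·&nbsp;Muhammad Daffa</footer>
+<a class=entry-link aria-label="post link to CVE 2021 24561" href=https://daffa.info/posts/cve-2021-24561/></a>
+</article>
+<article class=post-entry>
+<header class=entry-header>
+<h2>CVE-2021-24519
+</h2>
+</header>
+<div class=entry-content>
+<p>Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
+Plugin Name VikRentCar
+Affected Version &lt;= 1.1.9
+Fixed Version 1.1.10
+Advisory Link MITRE WPScan </p>
+</div>
+<footer class=entry-footer><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</footer>
+<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/posts/cve-2021-24519/></a>
+</article>
+</main>
+<footer class=footer>
+<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
+<span>
+Powered by
+<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
+<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
+</span>
+</footer>
+<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
+</a>
+<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
+<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
+<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
+</body>
+</html>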
32
public/posts/index.xml Normal file

@ -0,0 +1,32 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>Posts on Muhammad Daffa</title>
<link>https://daffa.info/posts/</link>
<description>Recent content in Posts on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Fri, 09 Sep 2022 17:01:20 +0000</lastBuildDate><atom:link href="https://daffa.info/posts/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE 2021 24561</title>
<link>https://daffa.info/posts/cve-2021-24561/</link>
<pubDate>Fri, 09 Sep 2022 17:01:20 +0000</pubDate>
<guid>https://daffa.info/posts/cve-2021-24561/</guid>
<description></description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/posts/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/posts/cve-2021-24519/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
</channel>
</rss>


@ -0,0 +1 @@
<!doctype html><html><head><title>https://daffa.info/posts/</title><link rel=canonical href=https://daffa.info/posts/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/posts/"></head></html>

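--- a/public/robots.txt
+++ b/public/robots.txt
@@ -0,0 +1,3 @@
+User-agent: *
+Disallow:
+Sitemap: https://daffa.info/sitemap.xml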

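--- a/public/search/index.html
+++ b/public/search/index.html
@@ -0,0 +1,99 @@
+<!doctype html><html lang=en dir=auto>
+<head><meta charset=utf-8>
+<meta http-equiv=x-ua-compatible content="IE=edge">
+<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
+<meta name=robots content="index, follow">
+<title>Search | Muhammad Daffa</title>
+<meta name=keywords content>
+<meta name=description content="Search - Muhammad Daffa">
+<meta name=author content="Muhammad Daffa">
+<link rel=canonical href=https://daffa.info/search/>
+<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link crossorigin=anonymous rel=preload as=fetch href=../index.json>
+<script defer crossorigin=anonymous src=/assets/js/search.1943d4c8dfc6e73d572d17ccfc55c943211a702f7734fab3645d5b715395679e.js integrity="sha256-GUPUyN/G5z1XLRfM/FXJQyEacC93NPqzZF1bcVOVZ54="></script>
+<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<meta name=theme-color content="#2e2e33">
+<meta name=msapplication-TileColor content="#2e2e33">
+<noscript>
+<style>#theme-toggle,.top-link{display:none}</style>
+<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
+</noscript><meta property="og:title" content="Search">
+<meta property="og:description" content>
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://daffa.info/search/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="article:section" content>
+<meta property="og:site_name" content="Muhammad Daffa">
+<meta name=twitter:card content="summary_large_image">
+<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
+<meta name=twitter:title content="Search">
+<meta name=twitter:description content>
+<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Search","item":"https://daffa.info/search/"}]}</script>
+<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"Search","name":"Search","description":"","keywords":[],"articleBody":"","wordCount":"0","inLanguage":"en","datePublished":"0001-01-01T00:00:00Z","dateModified":"0001-01-01T00:00:00Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/search/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
+</head>
+<body class=list id=top>
+<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
+<header class=header>
+<nav class=nav>
+<div class=logo>
+<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
+<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
+<div class=logo-switches>
+<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
+</button>
+</div>
+</div>
+<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
+</button>
+<ul class="menu hidden">
+<li>
+<a href=https://daffa.info/profile/ title=About>
+<span>About</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/blog/ title=Blog>
+<span>Blog</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/portfolio/ title=Portfolio>
+<span>Portfolio</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
+<span class=active>Search</span>
+</a>
+</li>
+</ul>
+</nav>
+</header>
+<main class=main>
+<header class=page-header>
+<h1>Search <svg xmlns="http://www.w3.org/2000/svg" width="28" height="28" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="11" cy="11" r="8"/><line x1="21" y1="21" x2="16.65" y2="16.65"/></svg>
+</h1>
+<div class=post-meta></div>
+</header>
+<div id=searchbox>
+<input id=searchInput autofocus placeholder="Search ↵" aria-label=search type=search autocomplete=off>
+<ul id=searchResults aria-label="search results"></ul>
+</div>
+</main>
+<footer class=footer>
+<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
+<span>
+Powered by
+<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
+<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
+</span>
+</footer>
+<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
+</a>
+<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
+<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
+<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
+<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
+</body>
+</html>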

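--- a/public/sitemap.xml
+++ b/public/sitemap.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
+xmlns:xhtml="http://www.w3.org/1999/xhtml">
+<url>
+<loc>https://daffa.info/tags/cve/</loc>
+<lastmod>2022-08-23T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2022-36282/</loc>
+<lastmod>2022-08-23T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/</loc>
+<lastmod>2022-08-23T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/</loc>
+<lastmod>2022-08-23T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/tags/</loc>
+<lastmod>2022-08-23T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2022-34347/</loc>
+<lastmod>2022-08-22T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2022-36346/</loc>
+<lastmod>2022-08-22T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2022-33201/</loc>
+<lastmod>2022-05-08T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2022-27848/</loc>
+<lastmod>2022-04-14T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2022-27844/</loc>
+<lastmod>2022-04-11T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2022-25618/</loc>
+<lastmod>2022-04-04T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2022-23983/</loc>
+<lastmod>2022-02-21T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2022-23984/</loc>
+<lastmod>2022-02-21T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2021-24561/</loc>
+<lastmod>2021-07-26T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2021-24531/</loc>
+<lastmod>2021-07-21T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/cve/cve-2021-24519/</loc>
+<lastmod>2021-07-19T11:30:03+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/tags/markdown/</loc>
+<lastmod>2019-03-09T00:00:00+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/portfolio/</loc>
+<lastmod>2019-03-09T00:00:00+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/tags/text/</loc>
+<lastmod>2019-03-09T00:00:00+00:00</lastmod>
+</url><url>
+<loc>https://daffa.info/categories/</loc>
+</url><url>
+<loc>https://daffa.info/search/</loc>
+</url>
+</urlset>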

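--- a/public/tags/cve/index.html
+++ b/public/tags/cve/index.html
@@ -0,0 +1,180 @@
+<!doctype html><html lang=en dir=auto>
+<head><meta charset=utf-8>
+<meta http-equiv=x-ua-compatible content="IE=edge">
+<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
+<meta name=robots content="index, follow">
+<title>cve | Muhammad Daffa</title>
+<meta name=keywords content>
+<meta name=description content="Portfolio by Muhammad Daffa">
+<meta name=author content="Muhammad Daffa">
+<link rel=canonical href=https://daffa.info/tags/cve/>
+<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
+<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
+<meta name=theme-color content="#2e2e33">
+<meta name=msapplication-TileColor content="#2e2e33">
+<link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml>
+<noscript>
+<style>#theme-toggle,.top-link{display:none}</style>
+<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
+</noscript><meta property="og:title" content="cve">
+<meta property="og:description" content="Portfolio by Muhammad Daffa">
+<meta property="og:type" content="website">
+<meta property="og:url" content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
+<meta name=twitter:card content="summary_large_image">
+<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
+<meta name=twitter:title content="cve">
+<meta name=twitter:description content="Portfolio by Muhammad Daffa">
+</head>
+<body class=list id=top>
+<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
+<header class=header>
+<nav class=nav>
+<div class=logo>
+<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
+<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
+<div class=logo-switches>
+<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
+</button>
+</div>
+</div>
+<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
+</button>
+<ul class="menu hidden">
+<li>
+<a href=https://daffa.info/profile/ title=About>
+<span>About</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/blog/ title=Blog>
+<span>Blog</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/portfolio/ title=Portfolio>
+<span>Portfolio</span>
+</a>
+</li>
+<li>
+<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
+<span>Search</span>
+</a>
+</li>
+</ul>
+</nav>
+</header>
+<main class=main>
+<header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div>
+<h1>
+cve
+<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg>
+</a>
+</h1>
+</header>
+<article class="post-entry tag-entry">
+<header class=entry-header>
+<h2>CVE-2022-36282
+</h2>
+</header>
+<div class=entry-content>
+<p>Description Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiys Search Exclude plugin &lt;= 1.2.6 at WordPress.
+Plugin Name Search Exclude
+Installation Number 60,000+
+Affected Version &lt;= 1.2.6
+Fixed Version 1.2.7
+Advisory Link MITRE WPScan Patchstack </p>
+</div>
+<footer class=entry-footer><span title="2022-08-23 11:30:03 +0000 UTC">August 23, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;37 words&nbsp;·&nbsp;Muhammad Daffa</footer>
+<a class=entry-link aria-label="post link to CVE-2022-36282" href=https://daffa.info/cve/cve-2022-36282/></a>
+</article>
+<article class="post-entry tag-entry">
+<header class=entry-header>
+<h2>CVE-2021-24519
+</h2>
+</header>
+<div class=entry-content>
+<p>Description Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin &lt;= 3.2.48 at WordPress.
+Plugin Name Download Manager
+Installation Number 100,000+
+Affected Version &lt;= 3.2.48
+Fixed Version 3.2.49
+Advisory Link MITRE WPScan Patchstack </p>
+</div>
+<footer class=entry-footer><span title="2022-08-22 11:30:03 +0000 UTC">August 22, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;35 words&nbsp;·&nbsp;Muhammad Daffa</footer>
+<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/cve/cve-2022-34347/></a>
+</article>
+<article class="post-entry tag-entry">
+<header class=entry-header>
+<h2>CVE-2022-36346
+</h2>
+</header>
+<div class=entry-content>
+<p>Description Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin &lt;= 9.2 at WordPress.
+Plugin Name MaxButtons
+Installation Number 100,000+
+Affected Version &lt;= 9.2
+Fixed Version 9.3
+Advisory Link MITRE WPScan Patchstack </p>
+</div>
+<footer class=entry-footer><span title="2022-08-22 11:30:03 +0000 UTC">August 22, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;34 words&nbsp;·&nbsp;Muhammad Daffa</footer>
+<a class=entry-link aria-label="post link to CVE-2022-36346" href=https://daffa.info/cve/cve-2022-36346/></a>
+</article>
+<article class="post-entry tag-entry">
+<header class=entry-header>
+<h2>CVE-2022-33201
+</h2>
+</header>
+<div class=entry-content>
+<p>Description Cross-Site Request Forgery (CSRF) vulnerability in MailerLite Signup forms (official) plugin &lt;= 1.5.7 at WordPress allows an attacker to change the API key.
+Plugin Name MailerLite Signup forms (official)
+Installation Number 60,000+
+Affected Version &lt;= 1.5.6
+Fixed Version 1.5.7
+Advisory link MITRE WPScan Patchstack </p>
+</div>
+<footer class=entry-footer><span title="2022-05-08 11:30:03 +0000 UTC">May 8, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;47 words&nbsp;·&nbsp;Muhammad Daffa</footer>
+<a class=entry-link aria-label="post link to CVE-2022-33201" href=https://daffa.info/cve/cve-2022-33201/></a>
+</article>
+<article class="post-entry tag-entry">
+<header class=entry-header>
+<h2>CVE-2022-27848
+</h2>
+</header>
+<div class=entry-content>
+<p>Description Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) &lt;= 6.5.1
+Plugin Name Modern Events Calendar Lite
+Installation Number 100,000+ (Closed)
+Affected Version &lt;= 6.5.1
+Fixed Version 6.5.2
+Advisory link MITRE WPScan Patchstack </p>
+</div>
+<footer class=entry-footer><span title="2022-04-14 11:30:03 +0000 UTC">April 14, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;39 words&nbsp;·&nbsp;Muhammad Daffa</footer>
+<a class=entry-link aria-label="post link to CVE-2022-27848" href=https://daffa.info/cve/cve-2022-27848/></a>
+</article>
+<footer class=page-footer>
+<nav class=pagination>
+<a class=next href=https://daffa.info/tags/cve/page/2/>Next&nbsp;&nbsp;»
+</a>
+</nav>
+</footer>
+</main>
+<footer class=footer>
+<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
+<span>
+Powered by
+<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
+<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
+</span>
+</footer>
+<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
+</a>
+<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
+<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
+<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
+<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
+</body>
+</html>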

public/tags/cve/index.xml Normal file

@ -0,0 +1,122 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>cve on Muhammad Daffa</title>
<link>https://daffa.info/tags/cve/</link>
<description>Recent content in cve on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Tue, 23 Aug 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/tags/cve/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2022-36282</title>
<link>https://daffa.info/cve/cve-2022-36282/</link>
<pubDate>Tue, 23 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36282/</guid>
<description>Search Exclude &amp;lt; 1.2.7 - Author&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/cve/cve-2022-34347/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-34347/</guid>
<description>Download Manager &amp;lt; 3.2.49 - Clear Stats &amp;amp; Cache via CSRF</description>
</item>
<item>
<title>CVE-2022-36346</title>
<link>https://daffa.info/cve/cve-2022-36346/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36346/</guid>
<description>MaxButtons &amp;lt; 9.3 - Arbitrary Settings Update via CSRF</description>
</item>
<item>
<title>CVE-2022-33201</title>
<link>https://daffa.info/cve/cve-2022-33201/</link>
<pubDate>Sun, 08 May 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-33201/</guid>
<description>MailerLite - Signup forms (official) &amp;lt; 1.5.7 - API Key Update via CSRF</description>
</item>
<item>
<title>CVE-2022-27848</title>
<link>https://daffa.info/cve/cve-2022-27848/</link>
<pubDate>Thu, 14 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-27848/</guid>
<description>Modern Events Calendar Lite &amp;lt; 6.5.2 - Admin&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-27844</title>
<link>https://daffa.info/cve/cve-2022-27844/</link>
<pubDate>Mon, 11 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-27844/</guid>
<description>WPvivid Backup and Migration Plugin &amp;lt; 0.9.71 - Admin&#43; Arbitrary File Download</description>
</item>
<item>
<title>CVE-2022-25618</title>
<link>https://daffa.info/cve/cve-2022-25618/</link>
<pubDate>Mon, 04 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-25618/</guid>
<description>wpDataTables &amp;lt; 2.1.28 - Admin&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-23983</title>
<link>https://daffa.info/cve/cve-2022-23983/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-23983/</guid>
<description>WP Content Copy Protection &amp;amp; No Right Click &amp;lt; 3.4.5 - Settings Update via CSRF</description>
</item>
<item>
<title>CVE-2022-23984</title>
<link>https://daffa.info/cve/cve-2022-23984/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-23984/</guid>
<description>wpDiscuz &amp;lt; 7.3.12 - Sensitive Information Disclosure</description>
</item>
<item>
<title>CVE-2021-24561</title>
<link>https://daffa.info/cve/cve-2021-24561/</link>
<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24561/</guid>
<description>WP SMS &amp;lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2021-24531</title>
<link>https://daffa.info/cve/cve-2021-24531/</link>
<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24531/</guid>
<description>Charitable - Donation Plugin &amp;lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/cve/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24519/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
</channel>
</rss>


@ -0,0 +1 @@
<!doctype html><html><head><title>https://daffa.info/tags/cve/</title><link rel=canonical href=https://daffa.info/tags/cve/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/tags/cve/"></head></html>


@ -0,0 +1,183 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>cve | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="Portfolio by Muhammad Daffa">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/tags/cve/>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml>
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="cve">
<meta property="og:description" content="Portfolio by Muhammad Daffa">
<meta property="og:type" content="website">
<meta property="og:url" content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="cve">
<meta name=twitter:description content="Portfolio by Muhammad Daffa">
</head>
<body class=list id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div>
<h1>
cve
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg>
</a>
</h1>
</header>
<article class="post-entry tag-entry">
<header class=entry-header>
<h2>CVE-2022-27844
</h2>
</header>
<div class=entry-content>
<p>Description Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging WPvivid (WordPress plugin) versions &lt;= 0.9.70
Plugin Name WPvivid
Installation Number 200,000+
Affected Version &lt;= 0.9.70
Fixed Version 0.9.71
Advisory link MITRE WPScan Patchstack </p>
</div>
<footer class=entry-footer><span title="2022-04-11 11:30:03 +0000 UTC">April 11, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;36 words&nbsp;·&nbsp;Muhammad Daffa</footer>
<a class=entry-link aria-label="post link to CVE-2022-27844" href=https://daffa.info/cve/cve-2022-27844/></a>
</article>
<article class="post-entry tag-entry">
<header class=entry-header>
<h2>CVE-2022-25618
</h2>
</header>
<div class=entry-content>
<p>Description Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions &lt;= 2.1.27
Plugin Name wpDataTables
Installation Number 60,000+
Affected Version &lt;= 2.1.27
Fixed Version 2.1.28
Advisory link MITRE WPScan Patchstack </p>
</div>
<footer class=entry-footer><span title="2022-04-04 11:30:03 +0000 UTC">April 4, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;33 words&nbsp;·&nbsp;Muhammad Daffa</footer>
<a class=entry-link aria-label="post link to CVE-2022-25618" href=https://daffa.info/cve/cve-2022-25618/></a>
</article>
<article class="post-entry tag-entry">
<header class=entry-header>
<h2>CVE-2022-23983
</h2>
</header>
<div class=entry-content>
<p>Description Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions &lt;= 3.4.4).
Plugin Name WP Content Copy Protection & No Right Click
Installation Number 100,000+
Affected Version &lt;= 3.4.4
Fixed Version 3.4.5
Advisory link MITRE WPScan Patchstack </p>
</div>
<footer class=entry-footer><span title="2022-02-21 11:30:03 +0000 UTC">February 21, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;51 words&nbsp;·&nbsp;Muhammad Daffa</footer>
<a class=entry-link aria-label="post link to CVE-2022-23983" href=https://daffa.info/cve/cve-2022-23983/></a>
</article>
<article class="post-entry tag-entry">
<header class=entry-header>
<h2>CVE-2022-23984
</h2>
</header>
<div class=entry-content>
<p>Description Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions &lt;= 7.3.11).
Plugin Name wpDiscuz
Installation Number 90,000+
Affected Version &lt;= 7.3.11
Fixed Version 7.3.12
Advisory link MITRE WPScan Patchstack </p>
</div>
<footer class=entry-footer><span title="2022-02-21 11:30:03 +0000 UTC">February 21, 2022</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;30 words&nbsp;·&nbsp;Muhammad Daffa</footer>
<a class=entry-link aria-label="post link to CVE-2022-23984" href=https://daffa.info/cve/cve-2022-23984/></a>
</article>
<article class="post-entry tag-entry">
<header class=entry-header>
<h2>CVE-2021-24561
</h2>
</header>
<div class=entry-content>
<p>Description The WP SMS WordPress plugin before 5.4.13 does not sanitise the “wp_group_name” parameter before outputting it back in the “Groups” page, leading to an Authenticated Stored Cross-Site Scripting issue
Plugin Name WP SMS Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc
Installation Number 8,000+
Affected Version &lt;= 5.4.12
Fixed Version 5.4.13
Advisory link MITRE WPScan </p>
</div>
<footer class=entry-footer><span title="2021-07-26 11:30:03 +0000 UTC">July 26, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</footer>
<a class=entry-link aria-label="post link to CVE-2021-24561" href=https://daffa.info/cve/cve-2021-24561/></a>
</article>
<footer class=page-footer>
<nav class=pagination>
<a class=prev href=https://daffa.info/tags/cve/>
«&nbsp;Prev&nbsp;
</a>
<a class=next href=https://daffa.info/tags/cve/page/3/>Next&nbsp;&nbsp;»
</a>
</nav>
</footer>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,133 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>cve | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="Portfolio by Muhammad Daffa">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/tags/cve/>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml>
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="cve">
<meta property="og:description" content="Portfolio by Muhammad Daffa">
<meta property="og:type" content="website">
<meta property="og:url" content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="cve">
<meta name=twitter:description content="Portfolio by Muhammad Daffa">
</head>
<body class=list id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div>
<h1>
cve
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg>
</a>
</h1>
</header>
<article class="post-entry tag-entry">
<header class=entry-header>
<h2>CVE-2021-24531
</h2>
</header>
<div class=entry-content>
<p>Description The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
Plugin Name Charitable
Installation Number 10,000+
Affected Version &lt;= 1.6.50
Fixed Version 1.6.51
Advisory Link MITRE WPScan </p>
</div>
<footer class=entry-footer><span title="2021-07-21 11:30:03 +0000 UTC">July 21, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</footer>
<a class=entry-link aria-label="post link to CVE-2021-24531" href=https://daffa.info/cve/cve-2021-24531/></a>
</article>
<article class="post-entry tag-entry">
<header class=entry-header>
<h2>CVE-2021-24519
</h2>
</header>
<div class=entry-content>
<p>Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
Plugin Name VikRentCar
Installation Number 1,000+
Affected Version &lt;= 1.1.9
Fixed Version 1.1.10
Advisory Link MITRE WPScan </p>
</div>
<footer class=entry-footer><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</footer>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/cve/cve-2021-24519/></a>
</article>
<footer class=page-footer>
<nav class=pagination>
<a class=prev href=https://daffa.info/tags/cve/page/2/>
«&nbsp;Prev&nbsp;
</a>
</nav>
</footer>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>

101
public/tags/index.html Normal file

@ -0,0 +1,101 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>Tags | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="Portfolio by Muhammad Daffa">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/tags/>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<link rel=alternate type=application/rss+xml href=https://daffa.info/tags/index.xml>
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="Tags">
<meta property="og:description" content="Portfolio by Muhammad Daffa">
<meta property="og:type" content="website">
<meta property="og:url" content="https://daffa.info/tags/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="Tags">
<meta name=twitter:description content="Portfolio by Muhammad Daffa">
</head>
<body class=list id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<header class=page-header>
<h1>Tags</h1>
</header>
<ul class=terms-tags>
<li>
<a href=https://daffa.info/tags/cve/>cve <sup><strong><sup>12</sup></strong></sup> </a>
</li>
<li>
<a href=https://daffa.info/tags/markdown/>markdown <sup><strong><sup>1</sup></strong></sup> </a>
</li>
<li>
<a href=https://daffa.info/tags/text/>text <sup><strong><sup>1</sup></strong></sup> </a>
</li>
</ul>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>

41
public/tags/index.xml Normal file

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>Tags on Muhammad Daffa</title>
<link>https://daffa.info/tags/</link>
<description>Recent content in Tags on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Tue, 23 Aug 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/tags/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>cve</title>
<link>https://daffa.info/tags/cve/</link>
<pubDate>Tue, 23 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/tags/cve/</guid>
<description></description>
</item>
<item>
<title>markdown</title>
<link>https://daffa.info/tags/markdown/</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>https://daffa.info/tags/markdown/</guid>
<description></description>
</item>
<item>
<title>text</title>
<link>https://daffa.info/tags/text/</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>https://daffa.info/tags/text/</guid>
<description></description>
</item>
</channel>
</rss>


@ -0,0 +1,94 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>markdown | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="Portfolio by Muhammad Daffa">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/tags/markdown/>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<link rel=alternate type=application/rss+xml href=https://daffa.info/tags/markdown/index.xml>
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="markdown">
<meta property="og:description" content="Portfolio by Muhammad Daffa">
<meta property="og:type" content="website">
<meta property="og:url" content="https://daffa.info/tags/markdown/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="markdown">
<meta name=twitter:description content="Portfolio by Muhammad Daffa">
</head>
<body class=list id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div>
<h1>
markdown
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg>
</a>
</h1>
</header>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,23 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>markdown on Muhammad Daffa</title>
<link>https://daffa.info/tags/markdown/</link>
<description>Recent content in markdown on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/tags/markdown/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Placeholder Text</title>
<link>https://daffa.info/portfolio/</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>https://daffa.info/portfolio/</guid>
<description>Lorem Ipsum Dolor Si Amet</description>
</item>
</channel>
</rss>


@ -0,0 +1 @@
<!doctype html><html><head><title>https://daffa.info/tags/markdown/</title><link rel=canonical href=https://daffa.info/tags/markdown/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/tags/markdown/"></head></html>


@ -0,0 +1,94 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>text | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="Portfolio by Muhammad Daffa">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/tags/text/>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<link rel=alternate type=application/rss+xml href=https://daffa.info/tags/text/index.xml>
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="text">
<meta property="og:description" content="Portfolio by Muhammad Daffa">
<meta property="og:type" content="website">
<meta property="og:url" content="https://daffa.info/tags/text/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="text">
<meta name=twitter:description content="Portfolio by Muhammad Daffa">
</head>
<body class=list id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div>
<h1>
text
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg>
</a>
</h1>
</header>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>


@ -0,0 +1,23 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>text on Muhammad Daffa</title>
<link>https://daffa.info/tags/text/</link>
<description>Recent content in text on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/tags/text/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Placeholder Text</title>
<link>https://daffa.info/portfolio/</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>https://daffa.info/portfolio/</guid>
<description>Lorem Ipsum Dolor Si Amet</description>
</item>
</channel>
</rss>


@ -0,0 +1 @@
<!doctype html><html><head><title>https://daffa.info/tags/text/</title><link rel=canonical href=https://daffa.info/tags/text/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/tags/text/"></head></html>

1
themes/PaperMod Submodule

@ -0,0 +1 @@
Subproject commit 3a0a4811cbc07c0bea09ef55b3c1bfb39b48cddd