feat: change some pages

main
Muhammad Daffa 2023-08-18 00:01:23 +00:00
parent 652a1d864c
commit e2a15b792e
112 changed files with 214 additions and 5202 deletions

0
.hugo_build.lock Normal file

@ -122,15 +122,7 @@ menu:
name: Portfolio
url: /portfolio/
weight: 20
- identifier: blog
name: Blog
url: /blog/
weight: 20
- identifier: search
name: Search
url: /search/
weight: 20
# Read: https://github.com/adityatelange/hugo-PaperMod/wiki/FAQs#using-hugos-syntax-highlighter-chroma
pygmentsUseClasses: true
markup:
highlight:
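
Review bot: The menu section loses its `blog` and `search` entries here (the eight lines the `-122,15 +122,7` header accounts for), but nothing visible in this hunk disables the search page or its index output. If those stay enabled, `/search/` and the index remain reachable by URL even though the link is gone. Confirm whether search is meant to be removed or only hidden from navigation, and say so in the commit message, which currently reads only "feat: change some pages".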

@ -14,9 +14,9 @@ ShowRssButtonInSectionTermList: false
---
## Muhammad Daffa
Hi! I'm Muhammad Daffa, you can call me Daffa. I started learning about cyber security between 2019 / 2020. I was interested in cybersecurity when my facebook friends posted about how they get money doing an activity called "bug bounty". From that post, I tried to learn more about cybersecurity, especially penetration testing on website
Hello! I'm Muhammad Daffa, but you can call me Daffa. I began delving into cybersecurity around 2019 to 2020. My interest sparked when some of my Facebook friends posted about making money through an activity known as 'bug bounty.' Intrigued by their posts, I embarked on a journey to learn more about cybersecurity, with a specific focus on website penetration testing.
Don't ever think I'm a professional penetration tester :D. There are still a lot of things about cyber security that I haven't learned, such as doing penetration testing on Android, iOS, or even on the network. Right now I'm learning about malware analysis too, thanks to TCM Security <3
Please don't mistake me for a professional penetration tester just yet! There's still a wealth of knowledge about cybersecurity that I haven't explored, such as conducting penetration tests on Android, iOS, and even within networks. At present, I'm also immersing myself in the realm of malware analysis, all thanks to TCM Security <3.
## Contact
Contact me if you have something to discuss or if you have a great resource about cybersecurity, i'll be very happy to read about the resource :D
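
Review bot: The unchanged Contact line at the end of this hunk still reads `i'll be very happy to read about the resource`, while the two bio paragraphs above it were rewritten. Since the file is being edited anyway, capitalise "I'll" and drop the repeated "resource" so the page reads consistently. In the new intro, the closing period inside the quotes in `'bug bounty.'` should also move outside them.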

@ -1,16 +0,0 @@
---
author: "Muhammad Daffa"
title: "Blog"
date: "2019-03-09"
# description: "About Muhammad Daffa"
tags: ["profile"]
TocOpen: true
draft: false
hidemeta: true
comments: false
searchHidden: true
ShowBreadCrumbs: false
ShowRssButtonInSectionTermList: false
---
Coming Soon! Still in progress migrating from Medium to this website :)
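
Review bot: Deleting this section page (title `"Blog"`) in the same commit that drops the `/blog/` menu entry means any existing inbound link to that URL will now 404. If the Medium migration mentioned in the body is no longer planned, state that in the commit message; otherwise consider listing `/blog/` under `aliases` on a page that remains, so the old URL redirects instead of breaking.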

@ -24,6 +24,8 @@ Here are some of my achievements when doing bug hunting
- [Legally Breaking](https://legallybreaking.com/index.php?p=/hall-fame) (Website Inactive)
- [DIB-VDP Pilot](https://hackerone.com/dib-vdp-pilot) (Program Closed)
- [PlanetArt](https://hackerone.com/planetart/thanks)
- [Automattic](https://hackerone.com/automattic/thanks/2023)
- [Valve](https://hackerone.com/valve/thanks/2023)
- [Yelp](https://hackerone.com/yelp/thanks)
- 2 Private Program at Hackerone
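
Review bot: Link style is inconsistent within this list: the Automattic and Valve entries point at year-scoped pages (`/thanks/2023`) while PlanetArt and Yelp use the bare `/thanks` path. Pick one form, and if the year matters, put it in the link text as well so the entry stays meaningful if the URL changes. The unchanged last line would also read better as "2 private programs on HackerOne".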

@ -1,55 +0,0 @@
---
title: "CVE-2021-24519"
date: 2021-07-19T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
## Plugin Name
[VikRentCar](https://wordpress.org/plugins/vikrentcar/)
## Installation Number
1,000+
## Affected Version
<= 1.1.9
## Fixed Version
1.1.10
## Advisory Link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519)
* [WPScan](https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c)
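
Review bot: This `-1,55 +0,0` hunk deletes a whole published advisory page, and the commit subject "feat: change some pages" gives no reason for it or for the other CVE pages removed alongside. State whether the write-ups are being moved or retired. If the content is re-homed, do not carry over the template leftovers in the front matter: `canonicalURL: "https://canonical.url/to/page"` is a placeholder value that would emit a wrong canonical link, and `disableHLJS` appears twice with conflicting values (`true`, then `false`).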

@ -1,55 +0,0 @@
---
title: "CVE-2021-24531"
date: 2021-07-21T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
## Plugin Name
[Charitable](https://wordpress.org/plugins/charitable/)
## Installation Number
10,000+
## Affected Version
<= 1.6.50
## Fixed Version
1.6.51
## Advisory Link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24531)
* [WPScan](https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f)

@ -1,55 +0,0 @@
---
title: "CVE-2021-24561"
date: 2021-07-26T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue
## Plugin Name
[WP SMS Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc](https://wordpress.org/plugins/wp-sms/)
## Installation Number
8,000+
## Affected Version
<= 5.4.12
## Fixed Version
5.4.13
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24561)
* [WPScan](https://wpscan.com/vulnerability/5433ef4c-4451-4b6e-992b-69c5eccabf90)

@ -1,55 +0,0 @@
---
title: "CVE-2022-23983"
date: 2022-02-21T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WP Content Copy Protection & No Right Click < 3.4.5 - Settings Update via CSRF"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).
## Plugin Name
[WP Content Copy Protection & No Right Click](https://wordpress.org/plugins/wp-content-copy-protection-no-right-click/)
## Installation Number
100,000+
## Affected Version
<= 3.4.4
## Fixed Version
3.4.5
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23983)
* [WPScan](https://wpscan.com/vulnerability/b6733721-56fc-44f5-b18b-cd5793517515)
* [Patchstack](https://patchstack.com/database/vulnerability/wp-content-copy-protector/wordpress-wp-content-copy-protection-no-right-click-plugin-3-4-4-cross-site-request-forgery-csrf-leads-to-settings-update-vulnerability)

@ -1,57 +0,0 @@
---
title: "CVE-2022-23984"
date: 2022-02-21T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "wpDiscuz < 7.3.12 - Sensitive Information Disclosure"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
## Plugin Name
[wpDiscuz](https://wordpress.org/plugins/wpdiscuz/)
## Installation Number
90,000+
## Affected Version
<= 7.3.11
## Fixed Version
7.3.12
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23984)
* [WPScan](https://wpscan.com/vulnerability/027e6ef8-39d8-4fa9-957f-f53ee7175c0a)
* [Patchstack](https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-3-11-sensitive-information-disclosure-vulnerability)

@ -1,57 +0,0 @@
---
title: "CVE-2022-25618"
date: 2022-04-04T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "wpDataTables < 2.1.28 - Admin+ Stored Cross-Site Scripting"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27
## Plugin Name
[wpDataTables](https://wordpress.org/plugins/wpdatatables/)
## Installation Number
60,000+
## Affected Version
<= 2.1.27
## Fixed Version
2.1.28
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25618)
* [WPScan](https://wpscan.com/vulnerability/02a8b0bc-e434-4be5-8892-cba13d1b4329)
* [Patchstack](https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability)

@ -1,57 +0,0 @@
---
title: "CVE-2022-27844"
date: 2022-04-11T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "WPvivid Backup and Migration Plugin < 0.9.71 - Admin+ Arbitrary File Download"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging WPvivid (WordPress plugin) versions <= 0.9.70
## Plugin Name
[WPvivid](https://wordpress.org/plugins/wpvivid-backup-restore/)
## Installation Number
200,000+
## Affected Version
<= 0.9.70
## Fixed Version
0.9.71
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27844)
* [WPScan](https://wpscan.com/vulnerability/e15703bd-d23d-46fc-8fc9-a3c6d851df0a)
* [Patchstack](https://patchstack.com/database/vulnerability/wpvivid-backuprestore/wordpress-wpvivid-plugin-0-9-70-arbitrary-file-read-vulnerability)

@ -1,56 +0,0 @@
---
title: "CVE-2022-27848"
date: 2022-04-14T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "Modern Events Calendar Lite < 6.5.2 - Admin+ Stored Cross-Site Scripting"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1
## Plugin Name
[Modern Events Calendar Lite](https://wordpress.org/plugins/modern-events-calendar-lite/)
## Installation Number
100,000+ (Closed)
## Affected Version
<= 6.5.1
## Fixed Version
6.5.2
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27848)
* [WPScan](https://wpscan.com/vulnerability/ef2843d0-f84d-4093-a08b-342ed0848914)
* [Patchstack](https://patchstack.com/database/vulnerability/modern-events-calendar-lite/wordpress-modern-events-calendar-lite-plugin-6-5-1-authenticated-stored-cross-site-scripting-xss-vulnerability)

@ -1,54 +0,0 @@
---
title: "CVE-2022-32587"
date: 2022-09-26T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change.
## Plugin Name
[WP Page Widget](https://wordpress.org/plugins/wp-page-widget/)
## Installation Number
60,000+
## Affected Version
<= 3.9
## Fixed Version
4.0
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32587)
* [Patchstack](https://patchstack.com/database/vulnerability/wp-page-widget/wordpress-wp-page-widget-plugin-3-9-cross-site-request-forgery-csrf-vulnerability)

@ -1,56 +0,0 @@
---
title: "CVE-2022-33201"
date: 2022-05-08T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "MailerLite - Signup forms (official) < 1.5.7 - API Key Update via CSRF"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.
## Plugin Name
[MailerLite Signup forms (official)](https://wordpress.org/plugins/official-mailerlite-sign-up-forms/)
## Installation Number
60,000+
## Affected Version
<= 1.5.6
## Fixed Version
1.5.7
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33201)
* [WPScan](https://wpscan.com/vulnerability/dcce9241-4903-40dc-98d1-0abc30a3f779)
* [Patchstack](https://patchstack.com/database/vulnerability/official-mailerlite-sign-up-forms/wordpress-mailerlite-signup-forms-official-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability)
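
Review bot: The version range in this page contradicts itself: the Description body says `plugin <= 1.5.7`, while the front matter description says `< 1.5.7`, Affected Version says `<= 1.5.6` and Fixed Version says `1.5.7`. As written, the body marks the fixed release as vulnerable. If this advisory is kept anywhere after the deletion, change the body to `<= 1.5.6` so readers checking their installed version get one answer.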

@ -1,56 +0,0 @@
---
title: "CVE-2022-34347"
date: 2022-08-22T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "Download Manager < 3.2.49 - Clear Stats & Cache via CSRF"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
## Plugin Name
[Download Manager](https://wordpress.org/plugins/download-manager/)
## Installation Number
100,000+
## Affected Version
<= 3.2.48
## Fixed Version
3.2.49
## Advisory Link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34347)
* [WPScan](https://wpscan.com/vulnerability/1fe07196-52d4-40c5-b01d-69852b4fb9c5)
* [Patchstack](https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-cross-site-request-forgery-csrf-vulnerability)

@ -1,56 +0,0 @@
---
title: "CVE-2022-36282"
date: 2022-08-23T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "Search Exclude < 1.2.7 - Author+ Stored Cross-Site Scripting"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress.
## Plugin Name
[Search Exclude](https://wordpress.org/plugins/search-exclude/)
## Installation Number
60,000+
## Affected Version
<= 1.2.6
## Fixed Version
1.2.7
## Advisory Link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36282)
* [WPScan](https://wpscan.com/vulnerability/52841b21-493f-4e63-bcbf-528089955e4f)
* [Patchstack](https://patchstack.com/database/vulnerability/search-exclude/wordpress-search-exclude-plugin-1-2-6-authenticated-stored-cross-site-scripting-xss-vulnerability)
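
Review bot: The required privilege level is stated two ways in this page: the front matter description says `Author+ Stored Cross-Site Scripting`, while the Description body says `Authenticated (editor+)`. The minimum role is what determines who can plant the stored payload, so the two need to agree. If the page is migrated rather than dropped, check the linked advisories and use one role in both places.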

@ -1,54 +0,0 @@
---
title: "CVE-2022-36340"
date: 2022-09-23T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.
## Plugin Name
[Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber MailOptin](https://wordpress.org/plugins/mailoptin/)
## Installation Number
30,000+
## Affected Version
<= 1.2.49.0
## Fixed Version
1.2.50.0
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36340)
* [Patchstack](https://patchstack.com/database/vulnerability/mailoptin/wordpress-mailoptin-plugin-1-2-49-0-unauthenticated-optin-campaign-cache-deletion-vulnerability)

@ -1,56 +0,0 @@
---
title: "CVE-2022-36346"
date: 2022-08-22T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: false
comments: false
description: "MaxButtons < 9.3 - Arbitrary Settings Update via CSRF"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: true # to disable highlightjs
disableShare: false
disableHLJS: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress.
## Plugin Name
[MaxButtons](https://wordpress.org/plugins/maxbuttons/)
## Installation Number
100,000+
## Affected Version
<= 9.2
## Fixed Version
9.3
## Advisory Link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36346)
* [WPScan](https://wpscan.com/vulnerability/c1b448e0-430a-4f47-aded-77af8d291232)
* [Patchstack](https://patchstack.com/database/vulnerability/maxbuttons/wordpress-maxbuttons-plugins-9-2-multiple-cross-site-request-forgery-csrf-vulnerabilities)

@ -1,54 +0,0 @@
---
title: "CVE-2022-38095"
date: 2022-09-23T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress.
## Plugin Name
[Advanced Dynamic Pricing for WooCommerce](https://wordpress.org/plugins/advanced-dynamic-pricing-for-woocommerce/)
## Installation Number
20,000+
## Affected Version
<= 4.1.3
## Fixed Version
4.1.4
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38095)
* [Patchstack](https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-3-cross-site-request-forgery-csrf-vulnerability)

@ -1,54 +0,0 @@
---
title: "CVE-2022-38134"
date: 2022-09-23T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Authenticated Broken Access Control"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
## Plugin Name
[Customer Reviews for WooCommerce](https://wordpress.org/plugins/customer-reviews-woocommerce/)
## Installation Number
50,000+
## Affected Version
<= 5.3.5
## Fixed Version
5.3.6
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38134)
* [Patchstack](https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability)

@ -1,54 +0,0 @@
---
title: "CVE-2022-38137"
date: 2022-09-26T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WordPress Analytify plugin <= 4.2.2 - Cross-Site Request Forgery"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
-
## Plugin Name
[Analytify Google Analytics Dashboard For WordPress](https://wordpress.org/plugins/wp-analytify/)
## Installation Number
60,000+
## Affected Version
<= 4.2.2
## Fixed Version
4.2.3
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38137)
* [Patchstack](https://patchstack.com/database/vulnerability/wp-analytify/wordpress-analytify-plugin-4-2-2-cross-site-request-forgery-csrf-vulnerability)
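
Review bot: The `## Description` section of this page contains only `-`, so the sole statement of the issue is the front matter line `WordPress Analytify plugin <= 4.2.2 - Cross-Site Request Forgery`. If the advisory is republished elsewhere, fill the body with at least the vulnerability class and affected range, as the sibling pages do, rather than carrying the empty placeholder across.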

@ -1,54 +0,0 @@
---
title: "CVE-2022-38470"
date: 2022-09-22T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
## Plugin Name
[Customer Reviews for WooCommerce](https://wordpress.org/plugins/customer-reviews-woocommerce/)
## Installation Number
50,000+
## Affected Version
<= 5.3.5
## Fixed Version
5.3.6
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38470)
* [Patchstack](https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability)
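Review bot: the front-matter `description` and the Patchstack link both classify CVE-2022-38470 as Cross-Site Request Forgery, but the `## Description` body reads "Authenticated (subscriber+) Broken Access Control", which matches the Patchstack slug of the CVE-2022-38134 page just above rather than this one. Deleting the page removes the contradiction; please confirm that the Wordfence cross-site-request-forgery entry linked for CVE-2022-38470 in the new list is the classification you want to stand.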

View File

@ -1,54 +0,0 @@
---
title: "CVE-2022-38704"
date: 2022-02-23T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.
## Plugin Name
[SEO Redirection Plugin 301 Redirect Manager](https://wordpress.org/plugins/seo-redirection)
## Installation Number
30,000+
## Affected Version
<= 8.9
## Fixed Version
9.1
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38704)
* [Patchstack](https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability)

View File

@ -1,54 +0,0 @@
---
title: "CVE-2022-40132"
date: 2022-09-23T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.
## Plugin Name
[Seriously Simple Podcasting](https://wordpress.org/plugins/seriously-simple-podcasting)
## Installation Number
30,000+
## Affected Version
<= 2.16.0
## Fixed Version
2.16.1
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40132)
* [Patchstack](https://patchstack.com/database/vulnerability/seriously-simple-podcasting/wordpress-seriously-simple-podcasting-plugin-2-16-0-cross-site-request-forgery-csrf-vulnerability)

View File

@ -1,54 +0,0 @@
---
title: "CVE-2022-40194"
date: 2022-09-23T11:30:03+00:00
# weight: 1
# aliases: ["/first"]
tags: ["cve"]
author: "Muhammad Daffa"
# author: ["Me", "You"] # multiple authors
showToc: true
TocOpen: true
draft: false
hidemeta: true
comments: false
description: "WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure"
canonicalURL: "https://canonical.url/to/page"
disableHLJS: false # to disable highlightjs
disableShare: false
hideSummary: false
searchHidden: true
ShowReadingTime: false
ShowBreadCrumbs: true
ShowPostNavLinks: true
ShowWordCount: false
ShowRssButtonInSectionTermList: true
UseHugoToc: true
cover:
image: "<image path/url>" # image path/url
alt: "<alt text>" # alt text
caption: "<text>" # display caption under cover
relative: false # when using page bundles set this to true
hidden: true # only hide on current single page
# editPost:
# URL: "https://github.com/<path_to_repo>/content"
# Text: "Suggest Changes" # edit text
# appendFilePath: true # to append file path to Edit link
---
## Description
Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress
## Plugin Name
[Customer Reviews for WooCommerce](https://wordpress.org/plugins/customer-reviews-woocommerce/)
## Installation Number
50,000+
## Affected Version
<= 5.3.5
## Fixed Version
5.3.6
## Advisory link
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38134)
* [Patchstack](https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/)
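Review bot: the MITRE link under `## Advisory link` points to `name=CVE-2022-38134`, not CVE-2022-40194, so this page has been citing the wrong record. The deletion takes the wrong link with it, but the portfolio previously linked to `https://daffa.info/cve/cve-2022-40194/`, and `aliases` is commented out in this front matter, so that path will stop resolving if nothing else serves it. Consider adding the old per-CVE paths as `aliases` on the new CVEs list page.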

View File

@ -1,6 +1,97 @@
---
author: "Muhammad Daffa"
title: "CVEs"
layout: "archives"
# url: "/archives"
summary: "List of all my CVEs"
date: "2019-03-09"
# description: "About Muhammad Daffa"
tags: ["profile"]
TocOpen: true
draft: false
hidemeta: true
comments: false
searchHidden: true
ShowBreadCrumbs: false
ShowRssButtonInSectionTermList: false
---
These are some of the CVEs I obtained from conducting penetration testing.
## CVEs
- [CVE-2023-25989](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/meks-smart-social-widget/meks-smart-social-widget-16-cross-site-request-forgery-via-meks-remove-notification)
- [CVE-2022-47172](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woolentor-addons/woolentor-262-cross-site-request-forgery-via-process-data)
- [CVE-2022-47169](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/visibility-logic-elementor/visibility-logic-for-elementor-234-cross-site-request-forgery-via-toggle-option)
- [CVE-2023-23823](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/enhanced-text-widget/enhanced-text-widget-157-missing-authorization)
- [CVE-2022-45372](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-product-gallery-slider/product-gallery-slider-for-woocommerce-228-cross-site-request-forgery)
- [CVE-2022-33974](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/custom-twitter-feeds/custom-twitter-feeds-tweets-widget-184-cross-site-request-forgery)
- [CVE-2022-47174](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/performance-lab/performance-lab-220-cross-site-request-forgery-via-dismiss-wp-pointer)
- [CVE-2022-47136](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ninja-tables/ninja-tables-434-cross-site-request-forgery)
- [CVE-2022-47178](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simple-share-buttons-adder/simple-share-buttons-adder-846-cross-site-request-forgery)
- [CVE-2022-47137](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ninja-tables/ninja-tables-434-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings)
- [CVE-2022-45371](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/shopengine/shopengine-411-cross-site-request-forgery)
- [CVE-2022-33961](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yellow-pencil-visual-theme-customizer/yellowpencil-visual-css-style-editor-758-reflected-cross-site-scripting-livelink)
- [CVE-2022-32970](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/themify-portfolio-post/themify-portfolio-post-122-authenticated-editor-stored-cross-site-scripting)
- [CVE-2022-45367](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/custom-order-numbers-for-woocommerce/custom-order-numbers-for-woocommerce-140-cross-site-request-forgery)
- [CVE-2022-47149](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pretty-link/shortlinks-by-pretty-links-340-cross-site-request-forgery-via-route)
- [CVE-2022-47161](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/health-check/health-check-troubleshooting-151-cross-site-request-forgery-via-health-check-troubleshoot-get-captures)
- [CVE-2023-28989](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/happy-elementor-addons/happy-addons-for-elementor-382-cross-site-request-forgery-via-handle-optin-optout)
- [CVE-2022-46793](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-product-feed-pro/product-feed-pro-for-woocommerce-1240-cross-site-request-forgery-via-update-project)
- [CVE-2022-46795](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-delivery-notes/print-invoice-delivery-notes-for-woocommerce-472-cross-site-request-forgery-via-ts-reset-tracking-setting)
- [CVE-2022-46794](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/weight-based-shipping-for-woocommerce/woocommerce-weight-based-shipping-541-cross-site-request-forgery-leading-to-plugin-settings-changes)
- [CVE-2023-27461](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/when-last-login/when-last-login-121-cross-site-request-forgery)
- [CVE-2023-26543](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-meteor/wp-meteor-page-speed-optimization-topping-314-cross-site-request-forgery-via-processajaxnoticedismiss)
- [CVE-2022-46851](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/astra-sites/starter-templates-elementor-wordpress-beaver-builder-templates-3120-cross-site-request-forgery-in-add-to-favorite)
- [CVE-2022-46853](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/the-post-grid/the-post-grid-shortcode-gutenberg-blocks-and-elementor-addon-for-post-grid-504-cross-site-request-forgery-in-rttpg-spare-me)
- [CVE-2022-46852](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-table-builder/wp-table-builder-wordpress-table-plugin-146-authenticated-admin-stored-cross-site-scripting)
- [CVE-2022-40198](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-wallet/terawallet-for-woocommerce-1324-cross-site-request-forgery-via-admin-options)
- [CVE-2022-47166](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cf7-widget-elementor/void-contact-form-7-widget-for-elementor-page-builder-211-cross-site-request-forgery-in-void-cf7-opt-in-user-data-track)
- [CVE-2022-46855](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/dk-pricr-responsive-pricing-table/responsive-pricing-table-516-authenticated-contributor-stored-cross-site-scripting)
- [CVE-2022-46797](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/enhanced-e-commerce-for-woocommerce-store/all-in-one-google-analytics-pixels-and-product-feed-manager-for-woocommerce-523-cross-site-request-forgery)
- [CVE-2022-46796](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-multi-currency/curcy-2125-missing-authorization-to-currency-exchange-retrieval)
- [CVE-2022-46798](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woolentor-addons/shoplentor-251-cross-site-request-forgery-to-post-updates)
- [CVE-2022-46848](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/visualizer/visualizer-391-authenticatedcontributor-stored-cross-site-scripting)
- [CVE-2022-45068](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-mercadopago/mercado-pago-payments-for-woocommerce-631-cross-site-request-forgery)
- [CVE-2023-23711](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/a2-optimized-wp/a2-optimized-wp-304-cross-site-request-forgery)
- [CVE-2022-45376](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/side-cart-woocommerce/side-cart-woocommerce-ajax-21-cross-site-request-forgery)
- [CVE-2022-45076](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/flexible-elementor-panel/flexible-elementor-panel-238-cross-site-request-forgery)
- [CVE-2022-47148](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-pdf-invoices-packing-slips/woocommerce-pdf-invoices-packing-slips-325-cross-site-request-forgery)
- [CVE-2022-47170](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-1548-authenticated-admin-cross-site-scripting-xss)
- [CVE-2023-22700](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pixelyoursite/pixelyoursite-930-cross-site-request-forgery)
- [CVE-2022-45067](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-261-cross-site-request-forgery)
- [CVE-2022-26366](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/adrotate/adrotate-banner-manager-59-cross-site-request-forgery)
- [CVE-2022-25952](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/content-egg/content-egg-540-cross-site-request-forgery)
- [CVE-2022-43481](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-coupons-for-woocommerce-free/advanced-coupons-for-woocommerce-coupons-45-cross-site-request-forgery)
- [CVE-2022-43463](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yikes-inc-easy-custom-woocommerce-product-tabs/custom-product-tabs-for-woocommerce-179-authenticated-administrator-stored-cross-site-scripting)
- [CVE-2022-36401](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-wallet/terawallet-for-woocommerce-1324-cross-site-request-forgery)
- [CVE-2022-43488](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-cross-site-request-forgery-2)
- [CVE-2022-40686](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/creative-mail-by-constant-contact/creative-mail-154-cross-site-request-forgery-to-plugin-deactivation)
- [CVE-2022-40687](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/creative-mail-by-constant-contact/creative-mail-154-cross-site-request-forgery-to-settings-disconnect)
- [CVE-2022-41805](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-jetpack/booster-for-woocommerce-566-cross-site-request-forgery)
- [CVE-2022-34148](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/backup/backup-guard-169-authenticated-administrator-stored-cross-site-scripting)
- [CVE-2022-43491](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-cross-site-request-forgery)
- [CVE-2022-38137](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-analytify/analytify-google-analytics-dashboard-for-wordpress-422-cross-site-request-forgery)
- [CVE-2022-32776](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-ads/advanced-ads-ad-manager-adsense-1311-authenticated-administrator-stored-cross-site-scripting)
- [CVE-2022-34654](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/manage-notification-emails/manage-notification-e-mails-182-cross-site-request-forgery-to-plugin-options-update)
- [CVE-2022-32587](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-page-widget/wp-page-widget-39-cross-site-request-forgery)
- [CVE-2022-36340](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/mailoptin/mailoptin-12490-missing-authorization-to-cache-deletion)
- [CVE-2022-40132](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/seriously-simple-podcasting/seriously-simple-podcasting-2160-cross-site-request-forgery)
- [CVE-2022-38134](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-535-multiple-unprotected-ajax-actions)
- [CVE-2022-40194](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-535-sensitive-data-exposure)
- [CVE-2022-38470](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-535-cross-site-request-forgery)
- [CVE-2022-38095](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-413-cross-site-request-forgery-to-plugin-settings-update)
- [CVE-2022-33177](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/booking/booking-calendar-921-cross-site-request-forgery)
- [CVE-2022-38058](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-shamsi/wp-shamsi-411-missing-authorization-to-plugin-settings-update)
- [CVE-2022-36282](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/search-exclude/search-exclude-126-authenticated-editor-stored-cross-site-scripting)
- [CVE-2022-35726](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yotuwp-easy-youtube-embed/video-gallery-youtube-playlist-channel-gallery-by-yotuwp-138-missing-authorization)
- [CVE-2022-38703](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/maxbuttons/maxbuttons-92-authenticated-administrator-stored-cross-site-scripting)
- [CVE-2022-34347](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/download-manager/download-manager-3248-cross-site-request-forgery-to-plugin-settings-update)
- [CVE-2022-36346](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/maxbuttons/wordpress-button-plugin-maxbuttons-92-cross-site-request-forgery)
- [CVE-2022-38704](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/seo-redirection/seo-redirection-plugin-301-redirect-manager-89-cross-site-request-forgery)
- [CVE-2022-33201](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/official-mailerlite-sign-up-forms/mailerlite-signup-forms-official-157-cross-site-request-forgery)
- [CVE-2022-27848](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/modern-events-calendar-lite/modern-events-calendar-lite-651-authenticated-admin-stored-cross-site-scripting)
- [CVE-2022-27844](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0970-authenticated-arbitrary-file-read)
- [CVE-2022-25618](https://www.wordfence.com/threat-intel/vulnerabilities/detail/wpdatatables-wordpress-tables-table-charts-plugin-2127-authenticated-admin-stored-cross-site-scripting)
- [CVE-2022-23983](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-content-copy-protection/wp-content-copy-protection-344-cross-site-request-forgery-to-setting-update)
- [CVE-2022-23984](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpdiscuz/comments-wpdiscuz-7311-sensitive-information-disclosure)
- [CVE-2021-24561](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-sms/wp-sms-5412-authenticated-stored-cross-site-scripting)
- [CVE-2021-24531](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/charitable/charitable-donation-plugin-1650-authenticated-stored-cross-site-scripting)
- [CVE-2021-24519](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/vikrentcar/vikrentcar-car-rental-management-system-1110-authenticated-admin-stored-cross-site-scripting)
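Review bot: the list under `## CVEs` has 78 entries, while the portfolio page changed in this same commit states `Total CVEs: **89**` and sends readers here for the full list; one of the two needs updating. The CVE-2022-25618 link also uses a `/vulnerabilities/detail/` path where every other entry uses `/vulnerabilities/wordpress-plugins/<slug>/`, which is worth checking. The entries are in no visible order, so sorting by CVE id would make gaps easier to spot, and the front matter still carries `date: "2019-03-09"`, which predates every CVE listed.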

View File

@ -21,41 +21,86 @@ The list below are some of the companies that recognize me as a bug hunter. Here
- Hall of Fame at Sekolah Siber
- Hall of Fame at wur.nl
- Thanks list at HackerOne PlanetArt
- Thanks list at Private Program HackerOne
- Thanks list at HackerOne Valve
- Certificate Appreciation from GeeksforGeeks
**[Click here](https://daffa.info/achievements/)** to see the full list
**[Click here](https://daffa.info/bug-hunting/)** to see the full list
## CVEs
Here is a list of CVEs that I got, most of them came from vulnerabilities in wordpress. I have a target which is to have **100++ CVEs**.
- [CVE-2022-40194](https://daffa.info/cve/cve-2022-40194/) (WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure)
- [CVE-2022-40132](https://daffa.info/cve/cve-2022-40132/) (WordPress Seriously Simple Podcasting plugin <= 2.16.0 - CSRF)
- [CVE-2022-38704](https://daffa.info/cve/cve-2022-38704/) (WordPress SEO Redirection plugin <= 8.9 - CSRF)
- [CVE-2022-38470](https://daffa.info/cve/cve-2022-38470/) (WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - CSRF)
- [CVE-2022-38095](https://daffa.info/cve/cve-2022-38095/) (WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - CSRF)
- [CVE-2023-25989](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/meks-smart-social-widget/meks-smart-social-widget-16-cross-site-request-forgery-via-meks-remove-notification)
- [CVE-2022-47172](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woolentor-addons/woolentor-262-cross-site-request-forgery-via-process-data)
- [CVE-2022-47169](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/visibility-logic-elementor/visibility-logic-for-elementor-234-cross-site-request-forgery-via-toggle-option)
- [CVE-2023-23823](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/enhanced-text-widget/enhanced-text-widget-157-missing-authorization)
- [CVE-2022-45372](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-product-gallery-slider/product-gallery-slider-for-woocommerce-228-cross-site-request-forgery)
Total CVEs: **19**
Total CVEs: **89**
**[Click here](https://daffa.info/cve/)** to see the full list
## GitHub Projects
## Capture The Flag
These are my github projects which have lots of stars and forks
I started to do CTF again in 2023, and this is a list of wins we have achieved while participating in several CTF competitions
### CTF Competitions
| Event Name | Team | Ranking |
| ---------- | ---- | ------- |
| DeconstruCT.F 2023 | aseng_fans_club | 1 |
| The Odyssey CTF | aseng_fans_club | 1 |
| BDSec CTF 2023 | HCS | 1 |
| 0xLaugh CTF 2023 | TCP1P | 2 |
### Writeup Competitions
| Event Name | Team |
| ---------- | ---- |
| UIUCTF 2023 | TCP1P |
## Open Source Projects
Here are my open source projects related to cybersecurity that I have created and pushed to GitHub.
### Maintained Projects
#### Notes
- [AllAboutBugBounty](https://github.com/daffainfo/AllAboutBugBounty)
- [all-about-apikey](https://github.com/daffainfo/all-about-apikey)
- [Key-Checker](https://github.com/daffainfo/Key-Checker)
- [match-replace-burp](https://github.com/daffainfo/match-replace-burp)
- [Oneliner-Bugbounty](https://github.com/daffainfo/Oneliner-Bugbounty)
#### CTF
- [ctf-writeup](https://github.com/daffainfo/ctf-writeup)
#### Blue Team
- [malpacks](https://github.com/daffainfo/malpacks)
- [suricata-rules](https://github.com/daffainfo/suricata-rules)
#### Labs
- [vulnerable-web](https://github.com/daffainfo/vulnerable-web)
- [vulnlabs](https://github.com/daffainfo/vulnlabs)
#### Tools
- [bypass-403](https://github.com/daffainfo/bypass-403)
- [bash-bounty](https://github.com/daffainfo/bash-bounty)
- [apiguesser](https://github.com/daffainfo/apiguesser)
- [apiguesser](https://github.com/daffainfo/apiguesser-web)
- [mailspoof](https://github.com/daffainfo/mailspoof)
### Abandoned Projects
- [Git-Secret](https://github.com/daffainfo/Git-Secret)
- [Bug-Bounty-Tools](https://github.com/daffainfo/Bug-Bounty-Tools)
- [Key-Checker](https://github.com/daffainfo/Key-Checker)
**[Click here](https://github.com/daffainfo?tab=repositories)** to check some of my repositories
## Certifications
- eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv2)
- eLearnSecurity Junior Penetration Tester (eJPT)
- Certified AppSec Practitioner
- Certfied Network Security Practicioner
- Certified Secure Computer User (C/SCU)
- Fortinet Network Security Expert Level 1: Certified Associate (NSE 1)
- Fortinet Network Security Expert Level 2: Certified Associate (NSE 2)
## Misc
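Review bot: under `#### Tools`, two consecutive entries use the link text `apiguesser`, and the second one points to `daffainfo/apiguesser-web`, so its label should be `apiguesser-web`. `Key-Checker` also appears both in the `#### Notes` list and under `### Abandoned Projects`; if both lines are on the new side, keep it in one place. In `## Certifications`, "Certfied Network Security Practicioner" should read "Certified Network Security Practitioner".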

View File

@ -1,4 +0,0 @@
---
title: "Search"
layout: "search"
---

View File

@ -1,4 +1,4 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>404 Page not found | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/404.html><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="404 Page not found"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" content="https://daffa.info/404.html"><meta property="og:image" 
content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="404 Page not found"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" 
width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><div class=not-found>404</div></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>404 Page not found | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/404.html><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="404 Page not found"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" content="https://daffa.info/404.html"><meta property="og:image" 
content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="404 Page not found"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" 
width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li></ul></nav></header><main class=main><div class=not-found>404</div></main><footer class=footer><span>&copy; 2023 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
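Review bot: in the first inline footer script of the regenerated page, `document.querySelector("#cd").innerText=(new Date).getFullYear()` dereferences an element that the markup in this hunk never defines. The footer prints the year as literal text (`&copy; 2023`) and no element carries `id=cd`, so the statement throws a TypeError on every page load. The two click listeners earlier in the same expression are already registered by then, so the menu still works, but the year stays hard-coded and the console logs an error. Either give the year span `id=cd` in the footer partial or drop the statement, then rebuild instead of editing the minified output.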

File diff suppressed because one or more lines are too long

View File

@ -9,6 +9,7 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<language>en</language>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/about/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>
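Review bot: the channel `<image><link>` in this feed is still an unfilled placeholder. `%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E` decodes to `<link or path of image for opengraph, twitter-cards>`, so the feed advertises an image URL that cannot resolve. Set a real image path in the site configuration, or remove the setting so the `<image>` element is not emitted, and regenerate.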

File diff suppressed because one or more lines are too long

View File

@ -9,6 +9,7 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<language>en</language>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/achievements/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>
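Review bot: `<lastBuildDate>` in this regenerated feed reads `Sat, 09 Mar 2019 00:00:00 +0000`, although the commit rebuilds the site in 2023. A build date that never moves gives feed readers no signal that the channel changed. It most likely comes from a `date` field left in the section's front matter; update or remove that field so the value tracks the real content.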

File diff suppressed because one or more lines are too long

View File

@ -1 +0,0 @@
<!doctype html><html lang=en><head><title>https://daffa.info/blog/</title><link rel=canonical href=https://daffa.info/blog/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/blog/"></head></html>

File diff suppressed because one or more lines are too long

View File

@ -1,14 +1,15 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>Blog on Muhammad Daffa</title>
<link>https://daffa.info/blog/</link>
<description>Recent content in Blog on Muhammad Daffa</description>
<title>Portfolio on Muhammad Daffa</title>
<link>https://daffa.info/bug-hunting/</link>
<description>Recent content in Portfolio on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/blog/index.xml" rel="self" type="application/rss+xml" />
<language>en</language>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/bug-hunting/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>
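Review bot: the renamed channel is titled `Portfolio on Muhammad Daffa`, but its `<link>` and `atom:link` point at `/bug-hunting/`, while the navigation menu in the regenerated pages links Portfolio to `https://daffa.info/portfolio/`. Two different paths now present themselves as "Portfolio". If `/bug-hunting/` is a subsection, give it its own title so the feed name matches its URL. Also note that the feed previously served as the Blog channel disappears with this change, so existing subscribers get no redirect.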

View File

@ -0,0 +1 @@
<!doctype html><html lang=en><head><title>https://daffa.info/bug-hunting/</title><link rel=canonical href=https://daffa.info/bug-hunting/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/bug-hunting/"></head></html>

View File

@ -1,4 +1,4 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Categories | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/categories/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/categories/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="Categories"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/categories/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="Categories"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><h1>Categories</h1></header><ul class=terms-tags></ul></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Categories | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/categories/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/categories/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="Categories"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/categories/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="Categories"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li></ul></nav></header><main class=main><header class=page-header><h1>Categories</h1></header><ul class=terms-tags></ul></main><footer class=footer><span>&copy; 2023 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
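Review bot: all five icon links in the regenerated `<head>` (`rel=icon`, the 16x16 and 32x32 variants, `apple-touch-icon`, `mask-icon`) still have `href=https://daffa.info/%3Clink%20/%20abs%20url%3E`, which is the encoded placeholder `<link / abs url>`. Browsers will request that path on every visit and get a 404. The header logo already uses `https://daffa.info/apple-touch-icon.png`, so the asset exists; point the favicon settings at it, or clear them, before rebuilding.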

View File

@ -8,6 +8,7 @@
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator><atom:link href="https://daffa.info/categories/index.xml" rel="self" type="application/rss+xml" />
<generator>Hugo -- gohugo.io</generator>
<language>en</language><atom:link href="https://daffa.info/categories/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>

File diff suppressed because one or more lines are too long


View File

@ -9,195 +9,7 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Mon, 26 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/cve/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2022-32587</title>
<link>https://daffa.info/cve/cve-2022-32587/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-32587/</guid>
<description>WordPress WP Page Widget plugin &amp;lt;= 3.9 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-38137</title>
<link>https://daffa.info/cve/cve-2022-38137/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38137/</guid>
<description>WordPress Analytify plugin &amp;lt;= 4.2.2 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-36340</title>
<link>https://daffa.info/cve/cve-2022-36340/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36340/</guid>
<description>WordPress MailOptin plugin &amp;lt;= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion</description>
</item>
<item>
<title>CVE-2022-38095</title>
<link>https://daffa.info/cve/cve-2022-38095/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38095/</guid>
<description>WordPress Advanced Dynamic Pricing for WooCommerce plugin &amp;lt;= 4.1.3 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-38134</title>
<link>https://daffa.info/cve/cve-2022-38134/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38134/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &amp;lt;= 5.3.5 - Authenticated Broken Access Control</description>
</item>
<item>
<title>CVE-2022-40132</title>
<link>https://daffa.info/cve/cve-2022-40132/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-40132/</guid>
<description>WordPress Seriously Simple Podcasting plugin &amp;lt;= 2.16.0 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-40194</title>
<link>https://daffa.info/cve/cve-2022-40194/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-40194/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &amp;lt;= 5.3.5 - Sensitive Information Disclosure</description>
</item>
<item>
<title>CVE-2022-38470</title>
<link>https://daffa.info/cve/cve-2022-38470/</link>
<pubDate>Thu, 22 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38470/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &amp;lt;= 5.3.5 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-36282</title>
<link>https://daffa.info/cve/cve-2022-36282/</link>
<pubDate>Tue, 23 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36282/</guid>
<description>Search Exclude &amp;lt; 1.2.7 - Author&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-34347</title>
<link>https://daffa.info/cve/cve-2022-34347/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-34347/</guid>
<description>Download Manager &amp;lt; 3.2.49 - Clear Stats &amp;amp; Cache via CSRF</description>
</item>
<item>
<title>CVE-2022-36346</title>
<link>https://daffa.info/cve/cve-2022-36346/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36346/</guid>
<description>MaxButtons &amp;lt; 9.3 - Arbitrary Settings Update via CSRF</description>
</item>
<item>
<title>CVE-2022-33201</title>
<link>https://daffa.info/cve/cve-2022-33201/</link>
<pubDate>Sun, 08 May 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-33201/</guid>
<description>MailerLite - Signup forms (official) &amp;lt; 1.5.7 - API Key Update via CSRF</description>
</item>
<item>
<title>CVE-2022-27848</title>
<link>https://daffa.info/cve/cve-2022-27848/</link>
<pubDate>Thu, 14 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-27848/</guid>
<description>Modern Events Calendar Lite &amp;lt; 6.5.2 - Admin&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-27844</title>
<link>https://daffa.info/cve/cve-2022-27844/</link>
<pubDate>Mon, 11 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-27844/</guid>
<description>WPvivid Backup and Migration Plugin &amp;lt; 0.9.71 - Admin&#43; Arbitrary File Download</description>
</item>
<item>
<title>CVE-2022-25618</title>
<link>https://daffa.info/cve/cve-2022-25618/</link>
<pubDate>Mon, 04 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-25618/</guid>
<description>wpDataTables &amp;lt; 2.1.28 - Admin&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-38704</title>
<link>https://daffa.info/cve/cve-2022-38704/</link>
<pubDate>Wed, 23 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38704/</guid>
<description>WordPress SEO Redirection plugin &amp;lt;= 8.9 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-23983</title>
<link>https://daffa.info/cve/cve-2022-23983/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-23983/</guid>
<description>WP Content Copy Protection &amp;amp; No Right Click &amp;lt; 3.4.5 - Settings Update via CSRF</description>
</item>
<item>
<title>CVE-2022-23984</title>
<link>https://daffa.info/cve/cve-2022-23984/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-23984/</guid>
<description>wpDiscuz &amp;lt; 7.3.12 - Sensitive Information Disclosure</description>
</item>
<item>
<title>CVE-2021-24561</title>
<link>https://daffa.info/cve/cve-2021-24561/</link>
<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24561/</guid>
<description>WP SMS &amp;lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2021-24531</title>
<link>https://daffa.info/cve/cve-2021-24531/</link>
<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24531/</guid>
<description>Charitable - Donation Plugin &amp;lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/cve/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24519/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<language>en</language>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/cve/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>
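Review bot: this hunk removes every `<item>` from the CVE feed and moves `<lastBuildDate>` backwards from `Mon, 26 Sep 2022 11:30:03 +0000` to `Sat, 09 Mar 2019 00:00:00 +0000`, yet the channel itself and the `/cve/` redirect stub in the following file are kept. Subscribers are left with an empty feed whose build date is older than the entries they already fetched, and the 21 `guid` URLs under `/cve/` will 404 if the pages were removed with them. If the CVE section is being retired, remove the feed and the stub as well, or redirect the old item URLs. If it is meant to stay, check that the content was not dropped from the build by mistake.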

View File

@ -1 +1 @@
<!doctype html><html><head><title>https://daffa.info/cve/</title><link rel=canonical href=https://daffa.info/cve/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/cve/"></head></html>
<!doctype html><html lang=en><head><title>https://daffa.info/cve/</title><link rel=canonical href=https://daffa.info/cve/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/cve/"></head></html>

File diff suppressed because one or more lines are too long

View File

@ -9,196 +9,7 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Mon, 26 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2022-32587</title>
<link>https://daffa.info/cve/cve-2022-32587/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-32587/</guid>
<description>WordPress WP Page Widget plugin &amp;lt;= 3.9 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-38137</title>
<link>https://daffa.info/cve/cve-2022-38137/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38137/</guid>
<description>WordPress Analytify plugin &amp;lt;= 4.2.2 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-36340</title>
<link>https://daffa.info/cve/cve-2022-36340/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36340/</guid>
<description>WordPress MailOptin plugin &amp;lt;= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion</description>
</item>
<item>
<title>CVE-2022-38095</title>
<link>https://daffa.info/cve/cve-2022-38095/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38095/</guid>
<description>WordPress Advanced Dynamic Pricing for WooCommerce plugin &amp;lt;= 4.1.3 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-38134</title>
<link>https://daffa.info/cve/cve-2022-38134/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38134/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &amp;lt;= 5.3.5 - Authenticated Broken Access Control</description>
</item>
<item>
<title>CVE-2022-40132</title>
<link>https://daffa.info/cve/cve-2022-40132/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-40132/</guid>
<description>WordPress Seriously Simple Podcasting plugin &amp;lt;= 2.16.0 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-40194</title>
<link>https://daffa.info/cve/cve-2022-40194/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-40194/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &amp;lt;= 5.3.5 - Sensitive Information Disclosure</description>
</item>
<item>
<title>CVE-2022-38470</title>
<link>https://daffa.info/cve/cve-2022-38470/</link>
<pubDate>Thu, 22 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38470/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &amp;lt;= 5.3.5 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-36282</title>
<link>https://daffa.info/cve/cve-2022-36282/</link>
<pubDate>Tue, 23 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36282/</guid>
<description>Search Exclude &amp;lt; 1.2.7 - Author&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-34347</title>
<link>https://daffa.info/cve/cve-2022-34347/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-34347/</guid>
<description>Download Manager &amp;lt; 3.2.49 - Clear Stats &amp;amp; Cache via CSRF</description>
</item>
<item>
<title>CVE-2022-36346</title>
<link>https://daffa.info/cve/cve-2022-36346/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36346/</guid>
<description>MaxButtons &amp;lt; 9.3 - Arbitrary Settings Update via CSRF</description>
</item>
<item>
<title>CVE-2022-33201</title>
<link>https://daffa.info/cve/cve-2022-33201/</link>
<pubDate>Sun, 08 May 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-33201/</guid>
<description>MailerLite - Signup forms (official) &amp;lt; 1.5.7 - API Key Update via CSRF</description>
</item>
<item>
<title>CVE-2022-27848</title>
<link>https://daffa.info/cve/cve-2022-27848/</link>
<pubDate>Thu, 14 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-27848/</guid>
<description>Modern Events Calendar Lite &amp;lt; 6.5.2 - Admin&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-27844</title>
<link>https://daffa.info/cve/cve-2022-27844/</link>
<pubDate>Mon, 11 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-27844/</guid>
<description>WPvivid Backup and Migration Plugin &amp;lt; 0.9.71 - Admin&#43; Arbitrary File Download</description>
</item>
<item>
<title>CVE-2022-25618</title>
<link>https://daffa.info/cve/cve-2022-25618/</link>
<pubDate>Mon, 04 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-25618/</guid>
<description>wpDataTables &amp;lt; 2.1.28 - Admin&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-38704</title>
<link>https://daffa.info/cve/cve-2022-38704/</link>
<pubDate>Wed, 23 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38704/</guid>
<description>WordPress SEO Redirection plugin &amp;lt;= 8.9 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-23983</title>
<link>https://daffa.info/cve/cve-2022-23983/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-23983/</guid>
<description>WP Content Copy Protection &amp;amp; No Right Click &amp;lt; 3.4.5 - Settings Update via CSRF</description>
</item>
<item>
<title>CVE-2022-23984</title>
<link>https://daffa.info/cve/cve-2022-23984/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-23984/</guid>
<description>wpDiscuz &amp;lt; 7.3.12 - Sensitive Information Disclosure</description>
</item>
<item>
<title>CVE-2021-24561</title>
<link>https://daffa.info/cve/cve-2021-24561/</link>
<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24561/</guid>
<description>WP SMS &amp;lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2021-24531</title>
<link>https://daffa.info/cve/cve-2021-24531/</link>
<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24531/</guid>
<description>Charitable - Donation Plugin &amp;lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/cve/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24519/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<language>en</language>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>
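Review bot: `<lastBuildDate>` at the end of the channel reads Sat, 09 Mar 2019, which is older than every item `<pubDate>` listed above it (Jul 2021 through Sep 2022). A reader or aggregator that uses lastBuildDate to decide whether the feed has changed will see this advisory feed as stale and may not pick up new CVE entries. The build date should be no older than the newest item, so the date source for this feed is worth checking before it is regenerated.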

View File

@ -1 +0,0 @@
<!doctype html><html><head><title>https://daffa.info/</title><link rel=canonical href=https://daffa.info/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/"></head></html>

View File

@ -1,169 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2021-24519/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2021-24519/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nInstallation Number 1,000+\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"64","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2021-24519/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>1,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2021-24531/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24531</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-23983/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
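Review bot: the `<link rel=canonical>` in `<head>` points at `https://canonical.url/to/page`, a template placeholder on a host that is not this site, while `og:url` in the same head gives the page's real address, `https://daffa.info/portfolio/cve/cve-2021-24519/`. If this page is generated again, the canonical URL should match the og:url value or the override should be dropped, so that indexing of a security advisory is not pointed at a third-party domain. The same output has other unfilled placeholders that should be fixed at the source: every icon href is `https://daffa.info/%3Clink%20/%20abs%20url%3E`, and the breadcrumb reads "Placeholder Text". In the paginav, the Next link targets cve-2022-23983 but is labelled CVE-2021-24519. The inline menu script also assigns to `document.querySelector("#cd").innerText`, but no element with id `cd` appears in the page, so that statement throws on load.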

View File

@ -1,169 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24531 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24531">
<meta property="og:description" content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2021-24531/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-21T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-21T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24531">
<meta name=twitter:description content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24531","item":"https://daffa.info/portfolio/cve/cve-2021-24531/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24531","name":"CVE-2021-24531","description":"Charitable - Donation Plugin ","keywords":["cve"],"articleBody":"Description The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.\nPlugin Name Charitable\nInstallation Number 10,000+\nAffected Version Fixed Version 1.6.51\nAdvisory Link MITRE WPScan ","wordCount":"44","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-21T11:30:03Z","dateModified":"2021-07-21T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2021-24531/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24531
</h1>
<div class=post-description>
Charitable - Donation Plugin &lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-21 11:30:03 +0000 UTC">July 21, 2021</span>&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/charitable/>Charitable</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>10,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.6.50</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.6.51</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24531">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2021-24561/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24561</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2021-24519/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24531&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f&title=CVE-2021-24531&summary=CVE-2021-24531&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f&title=CVE-2021-24531"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24531%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24531&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
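Review bot: the inline footer script in this removed page ends with `document.querySelector("#cd").innerText=(new Date).getFullYear()`, but the footer just above it hardcodes `&copy; 2022` and no element with id `cd` appears in the visible part of the file. If the template has no such element, that statement throws a TypeError on every page load and the year never updates. The file looks like build output (the footer credits Hugo and PaperMod), so deleting it does not remove the cause: either add the `cd` element to the footer template or drop that statement there. The breadcrumb also still renders the portfolio section as "Placeholder Text", which needs a real title in the source content.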

View File

@ -1,164 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24561 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24561">
<meta property="og:description" content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2021-24561/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-26T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-26T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24561">
<meta name=twitter:description content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24561","item":"https://daffa.info/portfolio/cve/cve-2021-24561/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24561","name":"CVE-2021-24561","description":"WP SMS ","keywords":["cve"],"articleBody":"Description The WP SMS WordPress plugin before 5.4.13 does not sanitise the “wp_group_name” parameter before outputting it back in the “Groups” page, leading to an Authenticated Stored Cross-Site Scripting issue\nPlugin Name WP SMS Messaging \u0026 SMS Notification for WordPress, WooCommerce, GravityForms, etc\nInstallation Number 8,000+\nAffected Version Fixed Version 5.4.13\nAdvisory link MITRE WPScan ","wordCount":"58","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-26T11:30:03Z","dateModified":"2021-07-26T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2021-24561/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24561
</h1>
<div class=post-description>
WP SMS &lt; 5.4.13 - Authenticated Stored Cross-Site Scripting
</div>
<div class=post-meta><span title="2021-07-26 11:30:03 +0000 UTC">July 26, 2021</span>&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The WP SMS WordPress plugin before 5.4.13 does not sanitise the &ldquo;wp_group_name&rdquo; parameter before outputting it back in the &ldquo;Groups&rdquo; page, leading to an Authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/wp-sms/>WP SMS Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>8,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 5.4.12</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>5.4.13</p>
<h2 id=advisory-link>Advisory link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24561">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/5433ef4c-4451-4b6e-992b-69c5eccabf90>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=next href=https://daffa.info/portfolio/cve/cve-2021-24531/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24531</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24561&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f&title=CVE-2021-24561&summary=CVE-2021-24561&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f&title=CVE-2021-24561"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24561%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24561&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
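Review bot: the head of this removed page ships theme placeholders that were never filled in. `<link rel=canonical href=https://canonical.url/to/page>` points the canonical URL at a domain outside daffa.info, and the icon and `og:image` URLs are the encoded literals `%3Clink%20/%20abs%20url%3E` and `%3Cimage%20path/url%3E`. These values most likely come from the site configuration or front matter rather than from this generated file, so correct them there, or any page that remains after this cleanup will repeat them on the next build. The BlogPosting JSON-LD also truncates the description to "WP SMS " and its articleBody reads "Affected Version Fixed Version 5.4.13", dropping the `<= 5.4.12` value shown in the page body, so anything consuming the structured data loses the affected range.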

View File

@ -1,166 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-23983/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-23983/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-23983/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2021-24519/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-23984/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
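Review bot: The metadata of this page does not match its slug. The og:url, the JSON-LD @id and every share link point at /portfolio/cve/cve-2022-23983/, while the og:title, the h1, the description, the advisory links and both paginav labels all say CVE-2021-24519 (Vik Rent Car), including the "Next" link that targets cve-2022-23984. That suggests the content file behind this slug is an unedited copy of the CVE-2021-24519 entry. If this file is being removed as stale build output, please confirm the source front matter for cve-2022-23983 is corrected first, otherwise a rebuild will publish the same wrong advisory under that URL. Two further points are worth fixing at the source rather than in built HTML. The head still carries unrendered theme placeholders: the canonical href is https://canonical.url/to/page, the icon hrefs are %3Clink%20/%20abs%20url%3E, and the breadcrumb name is "Placeholder Text". The first footer script also calls document.querySelector("#cd").innerText, but the visible markup has no element with id cd, so that line throws on load.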

View File

@ -1,166 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-23984/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-23984/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-23984/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-23983/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-25618/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
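Review bot: the share links at the end of this removed file pair the label CVE-2021-24519 with a different URL slug (`aria-label="share CVE-2021-24519 on telegram"` next to `...%2fportfolio%2fcve%2fcve-2022-23984%2f`), so the generated page appears to have carried one advisory's title under another CVE's path. Deleting the built HTML does not fix that by itself. Before the site is rebuilt, check that the content source behind the cve-2022-23984 slug has its own title and description, otherwise the mismatch is regenerated.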


@ -1,166 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-25618/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-25618/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-25618/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-23984/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-27844/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
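Review bot: in the BlogPosting `application/ld+json` block of this removed page the structured data has lost the version range. It reads `"description":"Vik Rent Car "` and `Affected Version Fixed Version 1.1.10` in `articleBody`, while the rendered body still has `<p>&lt;= 1.1.9</p>`, so the text was evidently cut at the `<` character when the plain-text fields were built. If these advisory pages are regenerated from source, word the description and the affected-version line so the range survives that step (for example "before 1.1.10"), since the affected range is the field a consumer of the metadata needs most. The same file also ships theme placeholders that should not come back: `<link rel=canonical href=https://canonical.url/to/page>` points the canonical URL off-site, and `og:url` uses the slug cve-2022-25618 for a page titled CVE-2021-24519.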


@ -1,166 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-27844/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-27844/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-27844/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-25618/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-27848/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
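Review bot: In the paginav and share-buttons blocks at the end of this deleted file, the link text and the link targets disagree: the Prev and Next entries are both labelled CVE-2021-24519 while pointing at cve-2022-25618 and cve-2022-27848, and every share link pairs text=CVE-2021-24519 with a cve-2022-27844 URL. That pattern suggests the page was generated from metadata copied from the CVE-2021-24519 entry. The commit message ("feat: change some pages") should say whether the cve-2022-27844 entry is being dropped for good or will be regenerated with corrected metadata, so that the wrong advisory title does not come back under that URL.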

View File

@ -1,166 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-27848/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-27848/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-27848/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-27844/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-33201/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
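Review bot: The head of this deleted file still carries unfilled template placeholders: the canonical link is https://canonical.url/to/page, the icon hrefs and og:image are URL-encoded "<link / abs url>" and "<image path/url>" strings, and the breadcrumb is named "Placeholder Text". The og:url and JSON-LD @id are cve-2022-27848, yet the title, description and advisory links all describe CVE-2021-24519 (VikRentCar), so the page published one advisory under another CVE's URL. The unescaped "<" also cut the JSON-LD description down to "Vik Rent Car " and dropped "<= 1.1.9" from articleBody, leaving "Affected Version Fixed Version 1.1.10". One inline script assigns to document.querySelector("#cd").innerText although no element with id cd appears in the file, so it throws on load. Deleting the output is fine, but these defects come from the content and template inputs; fix them there before the page is regenerated, and note in the commit message that the removal is intentional.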

View File

@ -1,166 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-33201/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-33201/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-33201/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-27848/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-34347/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
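Review bot: The removed page is a copy of the CVE-2021-24519 advisory published under a different slug: the JSON-LD `mainEntityOfPage` and every share link point at `/portfolio/cve/cve-2022-33201/`, while the `<h1>` and `headline` say CVE-2021-24519. The `paginav` block shows the same mismatch, with prev (`cve-2022-27848`) and next (`cve-2022-34347`) both labelled CVE-2021-24519. Deleting the generated file only hides this; please confirm that the content files behind those slugs were corrected or removed in the same change, otherwise the next build recreates the duplicates. Separately, the JSON-LD loses everything after the unescaped `<`: `description` is cut to "Vik Rent Car " and `articleBody` reads "Affected Version Fixed Version 1.1.10" with the `<= 1.1.9` value missing. Anyone consuming the structured data gets an advisory with no affected range, so the template should escape the value before emitting it.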

View File

@ -1,166 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-34347/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-34347/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-34347/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-33201/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-36282/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
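Review bot: In the first inline script after the footer, `document.querySelector("#cd").innerText=(new Date).getFullYear()` dereferences an element that the footer shown here does not have: the footer hard-codes `&copy; 2022` and carries no `id=cd`. The lookup returns null, the assignment throws a TypeError on load, and the year never updates. The file is being deleted, but if the same script lives in a layout override that this commit keeps, either give the footer year a span with `id=cd` or guard the lookup before assigning.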

View File

@ -1,166 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-36282/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-36282/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-36282/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-34347/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-36346/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
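Review bot: The deleted page is published at /portfolio/cve/cve-2022-36282/ (og:url, the JSON-LD `@id` and every share link), yet its title, description and body are all CVE-2021-24519 (VikRentCar), and both the prev and next entries in the paginav are labelled CVE-2021-24519 as well. That looks like copied source content that was never filled in for these slugs. Deleting the rendered HTML alone does not fix it: if the source for these pages still exists, the next build regenerates the same mislabelled advisory. Confirm the source entries are removed or corrected in this commit too. The same applies to `<link rel=canonical href=https://canonical.url/to/page>` and the `%3Clink%20/%20abs%20url%3E` icon URLs, which look like unedited template defaults and would point search engines and browsers at the wrong targets on any page that is kept.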

View File

@ -1,161 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-36346/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-36346/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-36346/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/>Placeholder Text</a>&nbsp;»&nbsp;<a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-36282/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
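Review bot: the share links in this footer pair the label CVE-2021-24519 with the page URL /portfolio/cve/cve-2022-36346/ (for example `text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f`), so a page published under a 2022 CVE path was carrying another advisory's title. If the content file behind this page survives the change, give it its own title and description in front matter before the next build, so the path and the shared text name the same CVE.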

View File

@ -1,172 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVEs | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="List of all my CVEs">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/portfolio/cve/>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<link rel=alternate type=application/rss+xml href=https://daffa.info/portfolio/cve/index.xml>
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVEs">
<meta property="og:description" content="Portfolio by Muhammad Daffa">
<meta property="og:type" content="website">
<meta property="og:url" content="https://daffa.info/portfolio/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="CVEs">
<meta name=twitter:description content="Portfolio by Muhammad Daffa">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"}]}</script>
</head>
<body class=list id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<header class=page-header>
<h1>CVEs</h1>
</header>
<div class=archive-year>
<h2 class=archive-year-header>2021<sup class=archive-count>&nbsp;&nbsp;12</sup>
</h2>
<div class=archive-month>
<h3 class=archive-month-header>July<sup class=archive-count>&nbsp;&nbsp;12</sup></h3>
<div class=archive-posts>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24561
</h3>
<div class=archive-meta><span title="2021-07-26 11:30:03 +0000 UTC">July 26, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24561" href=https://daffa.info/portfolio/cve/cve-2021-24561/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24531
</h3>
<div class=archive-meta><span title="2021-07-21 11:30:03 +0000 UTC">July 21, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24531" href=https://daffa.info/portfolio/cve/cve-2021-24531/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2021-24519/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-23983/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-23984/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-25618/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-27844/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-27848/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-33201/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-34347/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-36282/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-36346/></a>
</div>
</div>
</div>
</div>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
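Review bot: in the archive list, nine of the twelve entries are titled CVE-2021-24519 and dated July 19, 2021 while their `entry-link` hrefs point to cve-2022-23983 through cve-2022-36346, which reads as content files copied from one template without the title and date being updated. Dropping the rendered index does not fix that: confirm the matching content files are deleted or corrected in this same change, otherwise the next build regenerates the same mislabelled list. While there, the five `rel=icon` style links all resolve to `https://daffa.info/%3Clink%20/%20abs%20url%3E`, an unfilled placeholder that should be set or removed in the site config.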

View File

@ -1,122 +0,0 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>CVEs on Muhammad Daffa</title>
<link>https://daffa.info/portfolio/cve/</link>
<description>Recent content in CVEs on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Mon, 26 Jul 2021 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/portfolio/cve/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2021-24561</title>
<link>https://daffa.info/portfolio/cve/cve-2021-24561/</link>
<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2021-24561/</guid>
<description>WP SMS &amp;lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2021-24531</title>
<link>https://daffa.info/portfolio/cve/cve-2021-24531/</link>
<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2021-24531/</guid>
<description>Charitable - Donation Plugin &amp;lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2021-24519/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-23983/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-23983/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-23984/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-23984/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-25618/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-25618/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-27844/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-27844/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-27848/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-27848/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-33201/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-33201/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-34347/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-34347/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-36282/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-36282/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-36346/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/portfolio/cve/cve-2022-36346/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
</channel>
</rss>
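Review bot: the nine `<item>` blocks from cve-2022-23983 onward reuse the title, pubDate and description of CVE-2021-24519 ("Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)") under their own `<guid>` values, so feed readers that already polled this file hold nine entries attributing the Vik Rent Car advisory to unrelated 2022 CVE paths. Removing the feed leaves those cached entries in place; if the CVE section is coming back, it would be better to republish the feed with corrected titles and descriptions under the same guids than to delete it silently. The commit message ("change some pages") should also say that the section feed is being removed.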

File diff suppressed because one or more lines are too long

View File

@ -9,6 +9,7 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<language>en</language>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/portfolio/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>
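Review bot: the `<link>` inside `<image>` at the top of this hunk is still `https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E`, which looks like a sample config value left unfilled and then URL-encoded into the feed. Adding `<language>en</language>` is fine, but the regenerated feed keeps advertising an image URL that does not exist; set the image value in the site config or remove it so the `<image>` block is either valid or absent.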

View File

@ -1,151 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css integrity="sha256-vBFJ9KcqpIWNOp9xRi915YhP/oBz6p1tV2HVZj1lHiA=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/posts/cve-2021-24519/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="posts">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://daffa.info/posts/"},{"@type":"ListItem","position":2,"name":"CVE-2021-24519","item":"https://daffa.info/posts/cve-2021-24519/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/posts/cve-2021-24519/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<ul id=menu>
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/cve/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=mailto:muhammaddaffa.info@gmail.com title="Contact Me">
<span>Contact Me</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/posts/>Posts</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the &lsquo;Text Next to Icon&rsquo; field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p>&lt;= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
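Review bot: the page removed here is the published advisory for CVE-2021-24519, and its share links show it lived at `https://daffa.info/posts/cve-2021-24519/`, so deleting it without a redirect turns that URL into a 404 for anyone following an existing link. If the write-up now lives under another section (the menu in this same file points Portfolio at `https://daffa.info/cve/`), add the old path to the new page's `aliases` front matter so Hugo emits a redirect, and say in the commit message where the content went.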

View File

@ -1,116 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE 2021 24561 | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="CVE 2021 24561 - Muhammad Daffa">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/posts/cve-2021-24561/>
<link crossorigin=anonymous href=/assets/css/stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css integrity="sha256-vBFJ9KcqpIWNOp9xRi915YhP/oBz6p1tV2HVZj1lHiA=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE 2021 24561">
<meta property="og:description" content>
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/posts/cve-2021-24561/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="article:section" content="posts">
<meta property="article:published_time" content="2022-09-09T17:01:20+00:00">
<meta property="article:modified_time" content="2022-09-09T17:01:20+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="CVE 2021 24561">
<meta name=twitter:description content>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://daffa.info/posts/"},{"@type":"ListItem","position":2,"name":"CVE 2021 24561","item":"https://daffa.info/posts/cve-2021-24561/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE 2021 24561","name":"CVE 2021 24561","description":"","keywords":[],"articleBody":"","wordCount":"0","inLanguage":"en","datePublished":"2022-09-09T17:01:20Z","dateModified":"2022-09-09T17:01:20Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/posts/cve-2021-24561/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<ul id=menu>
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/cve/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=mailto:muhammaddaffa.info@gmail.com title="Contact Me">
<span>Contact Me</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/posts/>Posts</a></div>
<h1 class=post-title>
CVE 2021 24561<sup><span class=entry-isdraft>&nbsp;&nbsp;[draft]</span></sup>
</h1>
<div class=post-meta><span title="2022-09-09 17:01:20 +0000 UTC">September 9, 2022</span>&nbsp;·&nbsp;0 min&nbsp;·&nbsp;0 words&nbsp;·&nbsp;Muhammad Daffa
</div>
</header>
<footer class=post-footer>
<ul class=post-tags>
</ul>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on twitter" href="https://twitter.com/intent/tweet/?text=CVE%202021%2024561&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f&hashtags="><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f&title=CVE%202021%2024561&summary=CVE%202021%2024561&source=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f&title=CVE%202021%2024561"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on whatsapp" href="https://api.whatsapp.com/send?text=CVE%202021%2024561%20-%20https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on telegram" href="https://telegram.me/share/url?text=CVE%202021%2024561&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
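Review bot: this deleted page is marked `[draft]` in its title and shows `0 words`, yet it was generated with `<meta name=robots content="index, follow">` and a canonical URL, which means the published output was built with drafts included. Removing it is right; also make sure the deploy build does not pass `--buildDrafts`, so an unfinished CVE entry is not exposed and indexed again. Separately, the icon and `og:image` hrefs here are the unfilled theme placeholder (`https://daffa.info/%3Clink%20/%20abs%20url%3E`); if the remaining pages are built from the same config, set real asset paths or drop those params.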

View File

@ -1,118 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>Posts | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="Posts - Muhammad Daffa">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/posts/>
<link crossorigin=anonymous href=/assets/css/stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css integrity="sha256-vBFJ9KcqpIWNOp9xRi915YhP/oBz6p1tV2HVZj1lHiA=" rel="preload stylesheet" as=style>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<link rel=alternate type=application/rss+xml href=https://daffa.info/posts/index.xml>
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="Posts">
<meta property="og:description" content="Portfolio by Muhammad Daffa">
<meta property="og:type" content="website">
<meta property="og:url" content="https://daffa.info/posts/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="Posts">
<meta name=twitter:description content="Portfolio by Muhammad Daffa">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://daffa.info/posts/"}]}</script>
</head>
<body class=list id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<ul id=menu>
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/cve/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=mailto:muhammaddaffa.info@gmail.com title="Contact Me">
<span>Contact Me</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a></div>
<h1>
Posts
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg>
</a>
</h1>
</header>
<article class=post-entry>
<header class=entry-header>
<h2>CVE 2021 24561<sup><span class=entry-isdraft>&nbsp;&nbsp;[draft]</span></sup>
</h2>
</header>
<div class=entry-content>
<p></p>
</div>
<footer class=entry-footer><span title="2022-09-09 17:01:20 +0000 UTC">September 9, 2022</span>&nbsp;·&nbsp;0 min&nbsp;·&nbsp;0 words&nbsp;·&nbsp;Muhammad Daffa</footer>
<a class=entry-link aria-label="post link to CVE 2021 24561" href=https://daffa.info/posts/cve-2021-24561/></a>
</article>
<article class=post-entry>
<header class=entry-header>
<h2>CVE-2021-24519
</h2>
</header>
<div class=entry-content>
<p>Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the Text Next to Icon field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
Plugin Name VikRentCar
Affected Version &lt;= 1.1.9
Fixed Version 1.1.10
Advisory Link MITRE WPScan </p>
</div>
<footer class=entry-footer><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span>&nbsp;·&nbsp;1 min&nbsp;·&nbsp;61 words&nbsp;·&nbsp;Muhammad Daffa</footer>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/posts/cve-2021-24519/></a>
</article>
</main>
<footer class=footer>
<span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
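Review bot: The removed posts list carried `CVE 2021 24561` with the `[draft]` marker, an empty `<p></p>` body and "0 min · 0 words", so this output came from a build with drafts enabled. Before the next publish, check that the deploy build runs without `--buildDrafts` and that unfinished advisories keep `draft: true`; otherwise empty placeholder entries for unpublished findings end up on the live site and in the feed.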

View File

@ -1,32 +0,0 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>Posts on Muhammad Daffa</title>
<link>https://daffa.info/posts/</link>
<description>Recent content in Posts on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Fri, 09 Sep 2022 17:01:20 +0000</lastBuildDate><atom:link href="https://daffa.info/posts/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE 2021 24561</title>
<link>https://daffa.info/posts/cve-2021-24561/</link>
<pubDate>Fri, 09 Sep 2022 17:01:20 +0000</pubDate>
<guid>https://daffa.info/posts/cve-2021-24561/</guid>
<description></description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/posts/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/posts/cve-2021-24519/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
</channel>
</rss>
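Review bot: `<image><url>` and `<image><link>` in this feed are the URL-encoded template text `<link or path of image for opengraph, twitter-cards>` rather than a real path, which means the image setting in the site config was never filled in. Deleting the generated feed does not fix that. Set a real image in the config, or drop the entry, so regenerated feeds and the `og:image` / `twitter:image` tags stop pointing at a non-existent URL.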

View File

@ -1 +0,0 @@
<!doctype html><html><head><title>https://daffa.info/posts/</title><link rel=canonical href=https://daffa.info/posts/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/posts/"></head></html>

File diff suppressed because one or more lines are too long

View File

@ -2,88 +2,16 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml">
<url>
<loc>https://daffa.info/tags/cve/</loc>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-32587/</loc>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-38137/</loc>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/</loc>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/</loc>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/tags/</loc>
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-36340/</loc>
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-38095/</loc>
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-38134/</loc>
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-40132/</loc>
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-40194/</loc>
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-38470/</loc>
<lastmod>2022-09-22T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-36282/</loc>
<lastmod>2022-08-23T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-34347/</loc>
<lastmod>2022-08-22T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-36346/</loc>
<lastmod>2022-08-22T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-33201/</loc>
<lastmod>2022-05-08T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-27848/</loc>
<lastmod>2022-04-14T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-27844/</loc>
<lastmod>2022-04-11T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-25618/</loc>
<lastmod>2022-04-04T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-38704/</loc>
<lastmod>2022-02-23T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-23983/</loc>
<lastmod>2022-02-21T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2022-23984/</loc>
<lastmod>2022-02-21T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2021-24561/</loc>
<lastmod>2021-07-26T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2021-24531/</loc>
<lastmod>2021-07-21T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/cve/cve-2021-24519/</loc>
<lastmod>2021-07-19T11:30:03+00:00</lastmod>
</url><url>
<loc>https://daffa.info/about/</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>https://daffa.info/blog/</loc>
<loc>https://daffa.info/cve/</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>https://daffa.info/achievements/</loc>
<loc>https://daffa.info/</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>https://daffa.info/bug-hunting/</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>https://daffa.info/portfolio/</loc>
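Review bot: The per-advisory URLs (`/cve/cve-2022-32587/` through `/cve/cve-2021-24519/`) cannot all survive a hunk that goes from 88 lines to 16, and nothing visible here redirects them. If those pages were already public, either keep them or give the content's new location Hugo `aliases` for the old paths, so existing links to the advisories do not turn into 404s.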
@ -92,8 +20,9 @@
<loc>https://daffa.info/tags/profile/</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>https://daffa.info/categories/</loc>
<loc>https://daffa.info/tags/</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>https://daffa.info/search/</loc>
<loc>https://daffa.info/categories/</loc>
</url>
</urlset>

View File

@ -1,29 +0,0 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>cve | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/tags/cve/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="cve"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="cve"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div><h1>cve
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-32587</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin &lt;= 3.9 on WordPress leading to plugin settings change.
Plugin Name WP Page Widget
Installation Number 60,000+
Affected Version &lt;= 3.9
Fixed Version 4.0
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-32587" href=https://daffa.info/cve/cve-2022-32587/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38137</h2></header><div class=entry-content><p>Description Plugin Name Analytify Google Analytics Dashboard For WordPress
Installation Number 60,000+
Affected Version &lt;= 4.2.2
Fixed Version 4.2.3
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38137" href=https://daffa.info/cve/cve-2022-38137/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-36340</h2></header><div class=entry-content><p>Description Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin &lt;= 1.2.49.0 at WordPress.
Plugin Name Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber MailOptin
Installation Number 30,000+
Affected Version &lt;= 1.2.49.0
Fixed Version 1.2.50.0
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-36340" href=https://daffa.info/cve/cve-2022-36340/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38095</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin &lt;= 4.1.3 at WordPress.
Plugin Name Advanced Dynamic Pricing for WooCommerce
Installation Number 20,000+
Affected Version &lt;= 4.1.3
Fixed Version 4.1.4
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38095" href=https://daffa.info/cve/cve-2022-38095/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38134</h2></header><div class=entry-content><p>Description Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin &lt;= 5.3.5 at WordPress.
Plugin Name Customer Reviews for WooCommerce
Installation Number 50,000+
Affected Version &lt;= 5.3.5
Fixed Version 5.3.6
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38134" href=https://daffa.info/cve/cve-2022-38134/></a></article><footer class=page-footer><nav class=pagination><a class=next href=https://daffa.info/tags/cve/page/2/>Next&nbsp;&nbsp;»</a></nav></footer></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
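Review bot: In the first inline script at the end of this page, `document.querySelector("#cd").innerText=(new Date).getFullYear()` dereferences an element that does not exist: the footer is a plain `<span>&copy; 2022 …</span>` with no `id=cd`, so every page load throws a TypeError and the year stays hard-coded. The `page/2` listing later in this diff carries the same script and the same footer. If the layout that emits this script stays in the source tree, add the `id=cd` element to the footer or check the lookup result before assigning to it.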

View File

@ -1,203 +0,0 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>cve on Muhammad Daffa</title>
<link>https://daffa.info/tags/cve/</link>
<description>Recent content in cve on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Mon, 26 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/tags/cve/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2022-32587</title>
<link>https://daffa.info/cve/cve-2022-32587/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-32587/</guid>
<description>WordPress WP Page Widget plugin &amp;lt;= 3.9 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-38137</title>
<link>https://daffa.info/cve/cve-2022-38137/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38137/</guid>
<description>WordPress Analytify plugin &amp;lt;= 4.2.2 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-36340</title>
<link>https://daffa.info/cve/cve-2022-36340/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36340/</guid>
<description>WordPress MailOptin plugin &amp;lt;= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion</description>
</item>
<item>
<title>CVE-2022-38095</title>
<link>https://daffa.info/cve/cve-2022-38095/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38095/</guid>
<description>WordPress Advanced Dynamic Pricing for WooCommerce plugin &amp;lt;= 4.1.3 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-38134</title>
<link>https://daffa.info/cve/cve-2022-38134/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38134/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &amp;lt;= 5.3.5 - Authenticated Broken Access Control</description>
</item>
<item>
<title>CVE-2022-40132</title>
<link>https://daffa.info/cve/cve-2022-40132/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-40132/</guid>
<description>WordPress Seriously Simple Podcasting plugin &amp;lt;= 2.16.0 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-40194</title>
<link>https://daffa.info/cve/cve-2022-40194/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-40194/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &amp;lt;= 5.3.5 - Sensitive Information Disclosure</description>
</item>
<item>
<title>CVE-2022-38470</title>
<link>https://daffa.info/cve/cve-2022-38470/</link>
<pubDate>Thu, 22 Sep 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38470/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &amp;lt;= 5.3.5 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-36282</title>
<link>https://daffa.info/cve/cve-2022-36282/</link>
<pubDate>Tue, 23 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36282/</guid>
<description>Search Exclude &amp;lt; 1.2.7 - Author&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-34347</title>
<link>https://daffa.info/cve/cve-2022-34347/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-34347/</guid>
<description>Download Manager &amp;lt; 3.2.49 - Clear Stats &amp;amp; Cache via CSRF</description>
</item>
<item>
<title>CVE-2022-36346</title>
<link>https://daffa.info/cve/cve-2022-36346/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-36346/</guid>
<description>MaxButtons &amp;lt; 9.3 - Arbitrary Settings Update via CSRF</description>
</item>
<item>
<title>CVE-2022-33201</title>
<link>https://daffa.info/cve/cve-2022-33201/</link>
<pubDate>Sun, 08 May 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-33201/</guid>
<description>MailerLite - Signup forms (official) &amp;lt; 1.5.7 - API Key Update via CSRF</description>
</item>
<item>
<title>CVE-2022-27848</title>
<link>https://daffa.info/cve/cve-2022-27848/</link>
<pubDate>Thu, 14 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-27848/</guid>
<description>Modern Events Calendar Lite &amp;lt; 6.5.2 - Admin&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-27844</title>
<link>https://daffa.info/cve/cve-2022-27844/</link>
<pubDate>Mon, 11 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-27844/</guid>
<description>WPvivid Backup and Migration Plugin &amp;lt; 0.9.71 - Admin&#43; Arbitrary File Download</description>
</item>
<item>
<title>CVE-2022-25618</title>
<link>https://daffa.info/cve/cve-2022-25618/</link>
<pubDate>Mon, 04 Apr 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-25618/</guid>
<description>wpDataTables &amp;lt; 2.1.28 - Admin&#43; Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2022-38704</title>
<link>https://daffa.info/cve/cve-2022-38704/</link>
<pubDate>Wed, 23 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-38704/</guid>
<description>WordPress SEO Redirection plugin &amp;lt;= 8.9 - Cross-Site Request Forgery</description>
</item>
<item>
<title>CVE-2022-23983</title>
<link>https://daffa.info/cve/cve-2022-23983/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-23983/</guid>
<description>WP Content Copy Protection &amp;amp; No Right Click &amp;lt; 3.4.5 - Settings Update via CSRF</description>
</item>
<item>
<title>CVE-2022-23984</title>
<link>https://daffa.info/cve/cve-2022-23984/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2022-23984/</guid>
<description>wpDiscuz &amp;lt; 7.3.12 - Sensitive Information Disclosure</description>
</item>
<item>
<title>CVE-2021-24561</title>
<link>https://daffa.info/cve/cve-2021-24561/</link>
<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24561/</guid>
<description>WP SMS &amp;lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
</item>
<item>
<title>CVE-2021-24531</title>
<link>https://daffa.info/cve/cve-2021-24531/</link>
<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24531/</guid>
<description>Charitable - Donation Plugin &amp;lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/cve/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
<guid>https://daffa.info/cve/cve-2021-24519/</guid>
<description>Vik Rent Car &amp;lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>
</channel>
</rss>
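Review bot: Three feed summaries here disagree with the entry text on the tag pages, which points at copy-paste errors in the advisory sources rather than in the generated output. CVE-2022-38470 is "Cross-Site Request Forgery" in the feed, but its page text is the "Authenticated (subscriber+) Broken Access Control" sentence used for CVE-2022-38134; CVE-2022-36282 is "Author+" in the feed and "(editor+)" on the page; CVE-2022-38137 has a feed summary but an empty Description field on the page. Reconcile each advisory's summary and description against the linked MITRE/Patchstack records before the content is republished.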

View File

@ -1 +0,0 @@
<!doctype html><html lang=en><head><title>https://daffa.info/tags/cve/</title><link rel=canonical href=https://daffa.info/tags/cve/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/tags/cve/"></head></html>

View File

@ -1,31 +0,0 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>cve | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/tags/cve/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="cve"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="cve"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div><h1>cve
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-40132</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin &lt;= 2.16.0 at WordPress, leading to plugin settings change.
Plugin Name Seriously Simple Podcasting
Installation Number 30,000+
Affected Version &lt;= 2.16.0
Fixed Version 2.16.1
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-40132" href=https://daffa.info/cve/cve-2022-40132/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-40194</h2></header><div class=entry-content><p>Description Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin &lt;= 5.3.5 at WordPress
Plugin Name Customer Reviews for WooCommerce
Installation Number 50,000+
Affected Version &lt;= 5.3.5
Fixed Version 5.3.6
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-40194" href=https://daffa.info/cve/cve-2022-40194/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38470</h2></header><div class=entry-content><p>Description Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin &lt;= 5.3.5 at WordPress.
Plugin Name Customer Reviews for WooCommerce
Installation Number 50,000+
Affected Version &lt;= 5.3.5
Fixed Version 5.3.6
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38470" href=https://daffa.info/cve/cve-2022-38470/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-36282</h2></header><div class=entry-content><p>Description Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiys Search Exclude plugin &lt;= 1.2.6 at WordPress.
Plugin Name Search Exclude
Installation Number 60,000+
Affected Version &lt;= 1.2.6
Fixed Version 1.2.7
Advisory Link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-08-23 11:30:03 +0000 UTC'>August 23, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-36282" href=https://daffa.info/cve/cve-2022-36282/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-34347</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin &lt;= 3.2.48 at WordPress.
Plugin Name Download Manager
Installation Number 100,000+
Affected Version &lt;= 3.2.48
Fixed Version 3.2.49
Advisory Link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-08-22 11:30:03 +0000 UTC'>August 22, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-34347" href=https://daffa.info/cve/cve-2022-34347/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://daffa.info/tags/cve/>«&nbsp;Prev&nbsp;</a>
<a class=next href=https://daffa.info/tags/cve/page/3/>Next&nbsp;&nbsp;»</a></nav></footer></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
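Review bot: in this deleted listing the entries for CVE-2022-40132, CVE-2022-40194 and CVE-2022-38470 render without the `entry-footer` date and author line that CVE-2022-36282 and CVE-2022-34347 carry, which suggests the first three source posts have no date set. The field label also varies between "Advisory link" and "Advisory Link" across entries. If the underlying CVE posts stay in the content tree after this commit, add the missing dates and normalize the label there, so the advisories sort and display consistently the next time the site is built.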

View File

@ -1,31 +0,0 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>cve | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/tags/cve/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="cve"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="cve"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a>&nbsp;»&nbsp;<a href=https://daffa.info/tags/>Tags</a></div><h1>cve
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-36346</h2></header><div class=entry-content><p>Description Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin &lt;= 9.2 at WordPress.
Plugin Name MaxButtons
Installation Number 100,000+
Affected Version &lt;= 9.2
Fixed Version 9.3
Advisory Link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-08-22 11:30:03 +0000 UTC'>August 22, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-36346" href=https://daffa.info/cve/cve-2022-36346/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-33201</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in MailerLite Signup forms (official) plugin &lt;= 1.5.7 at WordPress allows an attacker to change the API key.
Plugin Name MailerLite Signup forms (official)
Installation Number 60,000+
Affected Version &lt;= 1.5.6
Fixed Version 1.5.7
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-05-08 11:30:03 +0000 UTC'>May 8, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-33201" href=https://daffa.info/cve/cve-2022-33201/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-27848</h2></header><div class=entry-content><p>Description Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) &lt;= 6.5.1
Plugin Name Modern Events Calendar Lite
Installation Number 100,000+ (Closed)
Affected Version &lt;= 6.5.1
Fixed Version 6.5.2
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-04-14 11:30:03 +0000 UTC'>April 14, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-27848" href=https://daffa.info/cve/cve-2022-27848/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-27844</h2></header><div class=entry-content><p>Description Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging WPvivid (WordPress plugin) versions &lt;= 0.9.70
Plugin Name WPvivid
Installation Number 200,000+
Affected Version &lt;= 0.9.70
Fixed Version 0.9.71
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-04-11 11:30:03 +0000 UTC'>April 11, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-27844" href=https://daffa.info/cve/cve-2022-27844/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-25618</h2></header><div class=entry-content><p>Description Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions &lt;= 2.1.27
Plugin Name wpDataTables
Installation Number 60,000+
Affected Version &lt;= 2.1.27
Fixed Version 2.1.28
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-04-04 11:30:03 +0000 UTC'>April 4, 2022</span>&nbsp;·&nbsp;Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-25618" href=https://daffa.info/cve/cve-2022-25618/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://daffa.info/tags/cve/page/2/>«&nbsp;Prev&nbsp;</a>
<a class=next href=https://daffa.info/tags/cve/page/4/>Next&nbsp;&nbsp;»</a></nav></footer></main><footer class=footer><span>&copy; 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
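Review bot: the CVE-2022-33201 entry in this deleted page contradicts itself. The description says the MailerLite Signup forms (official) plugin is vulnerable at `<= 1.5.7`, while the fields below it give Affected Version `<= 1.5.6` and Fixed Version `1.5.7`, so a reader checking whether 1.5.7 needs patching gets opposite answers from the two lines. If the source post for that CVE is kept, check it against the linked advisories and make the two values agree before the page is regenerated. Separately, every `rel=icon` and `apple-touch-icon` href in the head is the unfilled placeholder `https://daffa.info/%3Clink%20/%20abs%20url%3E`, so the favicon settings in the site config should be filled in or removed.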

Some files were not shown because too many files have changed in this diff