feat: change some pages
parent
652a1d864c
commit
e2a15b792e
10
config.yml
@ -122,15 +122,7 @@ menu:
|
|||
name: Portfolio
|
||||
url: /portfolio/
|
||||
weight: 20
|
||||
- identifier: blog
|
||||
name: Blog
|
||||
url: /blog/
|
||||
weight: 20
|
||||
- identifier: search
|
||||
name: Search
|
||||
url: /search/
|
||||
weight: 20
|
||||
# Read: https://github.com/adityatelange/hugo-PaperMod/wiki/FAQs#using-hugos-syntax-highlighter-chroma
|
||||
|
||||
pygmentsUseClasses: true
|
||||
markup:
|
||||
highlight:
|
||||
|
|
|
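Review bot: this hunk drops 8 lines (15 → 7) and what survives ends at `markup:` / `highlight:` with nothing visible beneath it; if the `highlight` options were among the removed lines, an empty `highlight:` mapping is dead config, and `pygmentsUseClasses: true` on its own will not give class-based Chroma output (the PaperMod FAQ linked in the comment pairs it with `noClasses: false` under `markup.highlight`). Separately, every menu entry shown here carries `weight: 20`, so if more than one of them survives the edit their order in the nav is not pinned; give Portfolio, Blog and Search distinct weights.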
@ -14,9 +14,9 @@ ShowRssButtonInSectionTermList: false
|
|||
---
|
||||
|
||||
## Muhammad Daffa
|
||||
Hi! I'm Muhammad Daffa, you can call me Daffa. I started learning about cyber security between 2019 / 2020. I was interested in cybersecurity when my facebook friends posted about how they get money doing an activity called "bug bounty". From that post, I tried to learn more about cybersecurity, especially penetration testing on website
|
||||
Hello! I'm Muhammad Daffa, but you can call me Daffa. I began delving into cybersecurity around 2019 to 2020. My interest sparked when some of my Facebook friends posted about making money through an activity known as 'bug bounty.' Intrigued by their posts, I embarked on a journey to learn more about cybersecurity, with a specific focus on website penetration testing.
|
||||
|
||||
Don't ever think I'm a professional penetration tester :D. There are still a lot of things about cyber security that I haven't learned, such as doing penetration testing on Android, iOS, or even on the network. Right now I'm learning about malware analysis too, thanks to TCM Security <3
|
||||
Please don't mistake me for a professional penetration tester just yet! There's still a wealth of knowledge about cybersecurity that I haven't explored, such as conducting penetration tests on Android, iOS, and even within networks. At present, I'm also immersing myself in the realm of malware analysis, all thanks to TCM Security <3.
|
||||
|
||||
## Contact
|
||||
Contact me if you have something to discuss or if you have a great resource about cybersecurity, i'll be very happy to read about the resource :D
|
||||
|
|
|
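Review bot: the unchanged Contact line (`Contact me if you have something to discuss ... i'll be very happy`) still has a lowercase `i'll` and runs two sentences together; since this file is being rewritten anyway, capitalize it and split at "resource," so the rewritten bio and the Contact section read in the same register.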
@ -1,16 +0,0 @@
|
|||
---
|
||||
author: "Muhammad Daffa"
|
||||
title: "Blog"
|
||||
date: "2019-03-09"
|
||||
# description: "About Muhammad Daffa"
|
||||
tags: ["profile"]
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
searchHidden: true
|
||||
ShowBreadCrumbs: false
|
||||
ShowRssButtonInSectionTermList: false
|
||||
---
|
||||
|
||||
Coming Soon! Still in progress migrating from Medium to this website :)
|
|
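Review bot: this hunk deletes the blog section index outright (`-1,16 +0,0`), while the config.yml hunk in the same commit still shows a `blog` menu entry pointing at `/blog/`. Unless that entry is among the lines removed from config.yml, the nav will link to a section that no longer has an index page; either keep a stub `_index.md` (the old one said "Coming Soon!", so a one-line placeholder is enough) or remove the menu entry in the same commit.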
@ -24,6 +24,8 @@ Here are some of my achievements when doing bug hunting
|
|||
- [Legally Breaking](https://legallybreaking.com/index.php?p=/hall-fame) (Website Inactive)
|
||||
- [DIB-VDP Pilot](https://hackerone.com/dib-vdp-pilot) (Program Closed)
|
||||
- [PlanetArt](https://hackerone.com/planetart/thanks)
|
||||
- [Automattic](https://hackerone.com/automattic/thanks/2023)
|
||||
- [Valve](https://hackerone.com/valve/thanks/2023)
|
||||
- [Yelp](https://hackerone.com/yelp/thanks)
|
||||
- 2 Private Program at Hackerone
|
||||
|
|
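Review bot: the last bullet, `2 Private Program at Hackerone`, should read "2 private programs on HackerOne" (plural, and the platform spells its name HackerOne, as the other bullets' URLs do). The status annotations are also inconsistent in form: `(Website Inactive)` and `(Program Closed)`; pick one phrasing for both.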
@ -1,55 +0,0 @@
|
|||
---
|
||||
title: "CVE-2021-24519"
|
||||
date: 2021-07-19T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: false
|
||||
comments: false
|
||||
description: "Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: false
|
||||
disableHLJS: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
|
||||
|
||||
## Plugin Name
|
||||
[VikRentCar](https://wordpress.org/plugins/vikrentcar/)
|
||||
|
||||
## Installation Number
|
||||
1,000+
|
||||
|
||||
## Affected Version
|
||||
<= 1.1.9
|
||||
|
||||
## Fixed Version
|
||||
1.1.10
|
||||
|
||||
## Advisory Link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519)
|
||||
* [WPScan](https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c)
|
|
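Review bot: this hunk removes the whole CVE-2021-24519 advisory page (`-1,55 +0,0`), and the commit message ("feat: change some pages") gives no hint that published advisories are being deleted or where they are moving; say so in the message, or relocate the content instead of dropping it. If the front matter is reused elsewhere, do not carry over two defects visible here: `disableHLJS` is declared twice (`true`, then `false`), so only the later value wins, and the theme's placeholder `canonicalURL: "https://canonical.url/to/page"` was left in, which the theme emits as the page's canonical link.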
@ -1,55 +0,0 @@
|
|||
---
|
||||
title: "CVE-2021-24531"
|
||||
date: 2021-07-21T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: false
|
||||
comments: false
|
||||
description: "Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: false
|
||||
disableHLJS: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
|
||||
|
||||
## Plugin Name
|
||||
[Charitable](https://wordpress.org/plugins/charitable/)
|
||||
|
||||
## Installation Number
|
||||
10,000+
|
||||
|
||||
## Affected Version
|
||||
<= 1.6.50
|
||||
|
||||
## Fixed Version
|
||||
1.6.51
|
||||
|
||||
## Advisory Link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24531)
|
||||
* [WPScan](https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f)
|
|
@ -1,55 +0,0 @@
|
|||
---
|
||||
title: "CVE-2021-24561"
|
||||
date: 2021-07-26T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: false
|
||||
comments: false
|
||||
description: "WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: false
|
||||
disableHLJS: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue
|
||||
|
||||
## Plugin Name
|
||||
[WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc](https://wordpress.org/plugins/wp-sms/)
|
||||
|
||||
## Installation Number
|
||||
8,000+
|
||||
|
||||
## Affected Version
|
||||
<= 5.4.12
|
||||
|
||||
## Fixed Version
|
||||
5.4.13
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24561)
|
||||
* [WPScan](https://wpscan.com/vulnerability/5433ef4c-4451-4b6e-992b-69c5eccabf90)
|
|
@ -1,55 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-23983"
|
||||
date: 2022-02-21T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
description: "WP Content Copy Protection & No Right Click < 3.4.5 - Settings Update via CSRF"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: false # to disable highlightjs
|
||||
disableShare: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).
|
||||
|
||||
## Plugin Name
|
||||
[WP Content Copy Protection & No Right Click](https://wordpress.org/plugins/wp-content-copy-protection-no-right-click/)
|
||||
|
||||
## Installation Number
|
||||
100,000+
|
||||
|
||||
## Affected Version
|
||||
<= 3.4.4
|
||||
|
||||
## Fixed Version
|
||||
3.4.5
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23983)
|
||||
* [WPScan](https://wpscan.com/vulnerability/b6733721-56fc-44f5-b18b-cd5793517515)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/wp-content-copy-protector/wordpress-wp-content-copy-protection-no-right-click-plugin-3-4-4-cross-site-request-forgery-csrf-leads-to-settings-update-vulnerability)
|
|
@ -1,57 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-23984"
|
||||
date: 2022-02-21T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: false
|
||||
comments: false
|
||||
description: "wpDiscuz < 7.3.12 - Sensitive Information Disclosure"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: false
|
||||
disableHLJS: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
|
||||
|
||||
## Plugin Name
|
||||
[wpDiscuz](https://wordpress.org/plugins/wpdiscuz/)
|
||||
|
||||
## Installation Number
|
||||
90,000+
|
||||
|
||||
## Affected Version
|
||||
<= 7.3.11
|
||||
|
||||
## Fixed Version
|
||||
7.3.12
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23984)
|
||||
* [WPScan](https://wpscan.com/vulnerability/027e6ef8-39d8-4fa9-957f-f53ee7175c0a)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/wpdiscuz/wordpress-wpdiscuz-plugin-7-3-11-sensitive-information-disclosure-vulnerability)
|
||||
|
|
@ -1,57 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-25618"
|
||||
date: 2022-04-04T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: false
|
||||
comments: false
|
||||
description: "wpDataTables < 2.1.28 - Admin+ Stored Cross-Site Scripting"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: false
|
||||
disableHLJS: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27
|
||||
|
||||
## Plugin Name
|
||||
[wpDataTables](https://wordpress.org/plugins/wpdatatables/)
|
||||
|
||||
## Installation Number
|
||||
60,000+
|
||||
|
||||
## Affected Version
|
||||
<= 2.1.27
|
||||
|
||||
## Fixed Version
|
||||
2.1.28
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25618)
|
||||
* [WPScan](https://wpscan.com/vulnerability/02a8b0bc-e434-4be5-8892-cba13d1b4329)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability)
|
||||
|
|
@ -1,57 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-27844"
|
||||
date: 2022-04-11T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: false
|
||||
comments: false
|
||||
description: "WPvivid Backup and Migration Plugin < 0.9.71 - Admin+ Arbitrary File Download"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: false
|
||||
disableHLJS: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70
|
||||
|
||||
## Plugin Name
|
||||
[WPvivid](https://wordpress.org/plugins/wpvivid-backup-restore/)
|
||||
|
||||
## Installation Number
|
||||
200,000+
|
||||
|
||||
## Affected Version
|
||||
<= 0.9.70
|
||||
|
||||
## Fixed Version
|
||||
0.9.71
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27844)
|
||||
* [WPScan](https://wpscan.com/vulnerability/e15703bd-d23d-46fc-8fc9-a3c6d851df0a)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/wpvivid-backuprestore/wordpress-wpvivid-plugin-0-9-70-arbitrary-file-read-vulnerability)
|
||||
|
|
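Review bot: the front-matter `description` calls CVE-2022-27844 "Admin+ Arbitrary File Download" while the Description body calls it "Arbitrary File Read", and the body drops the privilege level entirely. Wherever this advisory ends up, align the two on one vulnerability class and keep the "admin+" qualifier in the body, since it materially changes the risk.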
@ -1,56 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-27848"
|
||||
date: 2022-04-14T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: false
|
||||
comments: false
|
||||
description: "Modern Events Calendar Lite < 6.5.2 - Admin+ Stored Cross-Site Scripting"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: false
|
||||
disableHLJS: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1
|
||||
|
||||
## Plugin Name
|
||||
[Modern Events Calendar Lite](https://wordpress.org/plugins/modern-events-calendar-lite/)
|
||||
|
||||
## Installation Number
|
||||
100,000+ (Closed)
|
||||
|
||||
## Affected Version
|
||||
<= 6.5.1
|
||||
|
||||
## Fixed Version
|
||||
6.5.2
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27848)
|
||||
* [WPScan](https://wpscan.com/vulnerability/ef2843d0-f84d-4093-a08b-342ed0848914)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/modern-events-calendar-lite/wordpress-modern-events-calendar-lite-plugin-6-5-1-authenticated-stored-cross-site-scripting-xss-vulnerability)
|
|
@ -1,54 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-32587"
|
||||
date: 2022-09-26T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
description: "WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: false # to disable highlightjs
|
||||
disableShare: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change.
|
||||
|
||||
## Plugin Name
|
||||
[WP Page Widget](https://wordpress.org/plugins/wp-page-widget/)
|
||||
|
||||
## Installation Number
|
||||
60,000+
|
||||
|
||||
## Affected Version
|
||||
<= 3.9
|
||||
|
||||
## Fixed Version
|
||||
4.0
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32587)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/wp-page-widget/wordpress-wp-page-widget-plugin-3-9-cross-site-request-forgery-csrf-vulnerability)
|
|
@ -1,56 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-33201"
|
||||
date: 2022-05-08T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: false
|
||||
comments: false
|
||||
description: "MailerLite - Signup forms (official) < 1.5.7 - API Key Update via CSRF"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: false
|
||||
disableHLJS: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.
|
||||
|
||||
## Plugin Name
|
||||
[MailerLite – Signup forms (official)](https://wordpress.org/plugins/official-mailerlite-sign-up-forms/)
|
||||
|
||||
## Installation Number
|
||||
60,000+
|
||||
|
||||
## Affected Version
|
||||
<= 1.5.6
|
||||
|
||||
## Fixed Version
|
||||
1.5.7
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33201)
|
||||
* [WPScan](https://wpscan.com/vulnerability/dcce9241-4903-40dc-98d1-0abc30a3f779)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/official-mailerlite-sign-up-forms/wordpress-mailerlite-signup-forms-official-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability)
|
|
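Review bot: the CVE-2022-33201 page being removed here has an internal version inconsistency that should not be carried to wherever the content goes: the Description body says "plugin <= 1.5.7", but the `description` front matter says "< 1.5.7", the Affected Version section says `<= 1.5.6`, and Fixed Version is `1.5.7`. The body should read "<= 1.5.6" to match the other three.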
@ -1,56 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-34347"
|
||||
date: 2022-08-22T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: false
|
||||
comments: false
|
||||
description: "Download Manager < 3.2.49 - Clear Stats & Cache via CSRF"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: false
|
||||
disableHLJS: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
|
||||
|
||||
## Plugin Name
|
||||
[Download Manager](https://wordpress.org/plugins/download-manager/)
|
||||
|
||||
## Installation Number
|
||||
100,000+
|
||||
|
||||
## Affected Version
|
||||
<= 3.2.48
|
||||
|
||||
## Fixed Version
|
||||
3.2.49
|
||||
|
||||
## Advisory Link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34347)
|
||||
* [WPScan](https://wpscan.com/vulnerability/1fe07196-52d4-40c5-b01d-69852b4fb9c5)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-cross-site-request-forgery-csrf-vulnerability)
|
|
@ -1,56 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-36282"
|
||||
date: 2022-08-23T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: false
|
||||
comments: false
|
||||
description: "Search Exclude < 1.2.7 - Author+ Stored Cross-Site Scripting"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: false
|
||||
disableHLJS: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress.
|
||||
|
||||
## Plugin Name
|
||||
[Search Exclude](https://wordpress.org/plugins/search-exclude/)
|
||||
|
||||
## Installation Number
|
||||
60,000+
|
||||
|
||||
## Affected Version
|
||||
<= 1.2.6
|
||||
|
||||
## Fixed Version
|
||||
1.2.7
|
||||
|
||||
## Advisory Link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36282)
|
||||
* [WPScan](https://wpscan.com/vulnerability/52841b21-493f-4e63-bcbf-528089955e4f)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/search-exclude/wordpress-search-exclude-plugin-1-2-6-authenticated-stored-cross-site-scripting-xss-vulnerability)
|
|
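Review bot: for CVE-2022-36282 the front-matter `description` says "Author+ Stored Cross-Site Scripting" while the Description body says "Authenticated (editor+)". Author and Editor are different WordPress roles and the minimum role needed is the key severity detail for a stored XSS, so the two lines should agree before this text is reused.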
@ -1,54 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-36340"
|
||||
date: 2022-09-23T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
description: "WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: false # to disable highlightjs
|
||||
disableShare: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.
|
||||
|
||||
## Plugin Name
|
||||
[Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin](https://wordpress.org/plugins/mailoptin/)
|
||||
|
||||
## Installation Number
|
||||
30,000+
|
||||
|
||||
## Affected Version
|
||||
<= 1.2.49.0
|
||||
|
||||
## Fixed Version
|
||||
1.2.50.0
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36340)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/mailoptin/wordpress-mailoptin-plugin-1-2-49-0-unauthenticated-optin-campaign-cache-deletion-vulnerability)
|
|
@ -1,56 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-36346"
|
||||
date: 2022-08-22T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: false
|
||||
comments: false
|
||||
description: "MaxButtons < 9.3 - Arbitrary Settings Update via CSRF"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: false
|
||||
disableHLJS: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress.
|
||||
|
||||
## Plugin Name
|
||||
[MaxButtons](https://wordpress.org/plugins/maxbuttons/)
|
||||
|
||||
## Installation Number
|
||||
100,000+
|
||||
|
||||
## Affected Version
|
||||
<= 9.2
|
||||
|
||||
## Fixed Version
|
||||
9.3
|
||||
|
||||
## Advisory Link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36346)
|
||||
* [WPScan](https://wpscan.com/vulnerability/c1b448e0-430a-4f47-aded-77af8d291232)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/maxbuttons/wordpress-maxbuttons-plugins-9-2-multiple-cross-site-request-forgery-csrf-vulnerabilities)
|
|
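Review bot: the front matter carries `disableHLJS` twice (`true` at the first occurrence, `false` at the second); duplicate keys in YAML front matter are at best last-wins and some parsers reject them. `canonicalURL: "https://canonical.url/to/page"` is the theme's template placeholder and would emit a bogus rel=canonical if this page were ever restored; the same placeholder recurs in every page in this set, so it is worth a grep before any of them is brought back.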
@ -1,54 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-38095"
|
||||
date: 2022-09-23T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
description: "WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - Cross-Site Request Forgery"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: false # to disable highlightjs
|
||||
disableShare: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress.
|
||||
|
||||
## Plugin Name
|
||||
[Advanced Dynamic Pricing for WooCommerce](https://wordpress.org/plugins/advanced-dynamic-pricing-for-woocommerce/)
|
||||
|
||||
## Installation Number
|
||||
20,000+
|
||||
|
||||
## Affected Version
|
||||
<= 4.1.3
|
||||
|
||||
## Fixed Version
|
||||
4.1.4
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38095)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/advanced-dynamic-pricing-for-woocommerce/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-1-3-cross-site-request-forgery-csrf-vulnerability)
|
|
@ -1,54 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-38134"
|
||||
date: 2022-09-23T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
description: "WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Authenticated Broken Access Control"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: false # to disable highlightjs
|
||||
disableShare: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
|
||||
|
||||
## Plugin Name
|
||||
[Customer Reviews for WooCommerce](https://wordpress.org/plugins/customer-reviews-woocommerce/)
|
||||
|
||||
## Installation Number
|
||||
50,000+
|
||||
|
||||
## Affected Version
|
||||
<= 5.3.5
|
||||
|
||||
## Fixed Version
|
||||
5.3.6
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38134)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability)
|
|
@ -1,54 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-38137"
|
||||
date: 2022-09-26T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
description: "WordPress Analytify plugin <= 4.2.2 - Cross-Site Request Forgery"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: false # to disable highlightjs
|
||||
disableShare: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
-
|
||||
|
||||
## Plugin Name
|
||||
[Analytify – Google Analytics Dashboard For WordPress](https://wordpress.org/plugins/wp-analytify/)
|
||||
|
||||
## Installation Number
|
||||
60,000+
|
||||
|
||||
## Affected Version
|
||||
<= 4.2.2
|
||||
|
||||
## Fixed Version
|
||||
4.2.3
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38137)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/wp-analytify/wordpress-analytify-plugin-4-2-2-cross-site-request-forgery-csrf-vulnerability)
|
|
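Review bot: the `## Description` body is just `-` while the front-matter description says Cross-Site Request Forgery; the Patchstack slug in the advisory list ("cross-site-request-forgery-csrf-vulnerability") agrees, so a one-line description could have been filled in rather than left empty. Moot once the page is deleted, but this is the one page in the set that would need its body written if the per-CVE pages are restored.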
@ -1,54 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-38470"
|
||||
date: 2022-09-22T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
description: "WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: false # to disable highlightjs
|
||||
disableShare: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
|
||||
|
||||
## Plugin Name
|
||||
[Customer Reviews for WooCommerce](https://wordpress.org/plugins/customer-reviews-woocommerce/)
|
||||
|
||||
## Installation Number
|
||||
50,000+
|
||||
|
||||
## Affected Version
|
||||
<= 5.3.5
|
||||
|
||||
## Fixed Version
|
||||
5.3.6
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38470)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability)
|
|
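Review bot: the `## Description` body reads "Authenticated (subscriber+) Broken Access Control vulnerability", which is the CVE-2022-38134 text copied over; the title, the front-matter description and the Patchstack slug all say Cross-Site Request Forgery. Two different CVEs for the same plugin version currently carry identical descriptions, so fix the body to match the CSRF issue if this page is ever restored.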
@ -1,54 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-38704"
|
||||
date: 2022-02-23T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
description: "WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: false # to disable highlightjs
|
||||
disableShare: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.
|
||||
|
||||
## Plugin Name
|
||||
[SEO Redirection Plugin – 301 Redirect Manager](https://wordpress.org/plugins/seo-redirection)
|
||||
|
||||
## Installation Number
|
||||
30,000+
|
||||
|
||||
## Affected Version
|
||||
<= 8.9
|
||||
|
||||
## Fixed Version
|
||||
9.1
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38704)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/seo-redirection/wordpress-seo-redirection-plugin-8-9-cross-site-request-forgery-csrf-vulnerability)
|
|
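Review bot: `date: 2022-02-23` is the only date in this set outside August/September 2022 and looks like a typo for 2022-09-23, the date on the neighbouring pages; with `ShowPostNavLinks: true` and date-ordered listings it would also have sorted this page out of sequence. Worth correcting if the page comes back.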
@ -1,54 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-40132"
|
||||
date: 2022-09-23T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
description: "WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: false # to disable highlightjs
|
||||
disableShare: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.
|
||||
|
||||
## Plugin Name
|
||||
[Seriously Simple Podcasting](https://wordpress.org/plugins/seriously-simple-podcasting)
|
||||
|
||||
## Installation Number
|
||||
30,000+
|
||||
|
||||
## Affected Version
|
||||
<= 2.16.0
|
||||
|
||||
## Fixed Version
|
||||
2.16.1
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40132)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/seriously-simple-podcasting/wordpress-seriously-simple-podcasting-plugin-2-16-0-cross-site-request-forgery-csrf-vulnerability)
|
|
@ -1,54 +0,0 @@
|
|||
---
|
||||
title: "CVE-2022-40194"
|
||||
date: 2022-09-23T11:30:03+00:00
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
tags: ["cve"]
|
||||
author: "Muhammad Daffa"
|
||||
# author: ["Me", "You"] # multiple authors
|
||||
showToc: true
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
description: "WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure"
|
||||
canonicalURL: "https://canonical.url/to/page"
|
||||
disableHLJS: false # to disable highlightjs
|
||||
disableShare: false
|
||||
hideSummary: false
|
||||
searchHidden: true
|
||||
ShowReadingTime: false
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: false
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/<path_to_repo>/content"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
## Description
|
||||
Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress
|
||||
|
||||
## Plugin Name
|
||||
[Customer Reviews for WooCommerce](https://wordpress.org/plugins/customer-reviews-woocommerce/)
|
||||
|
||||
## Installation Number
|
||||
50,000+
|
||||
|
||||
## Affected Version
|
||||
<= 5.3.5
|
||||
|
||||
## Fixed Version
|
||||
5.3.6
|
||||
|
||||
## Advisory link
|
||||
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38134)
|
||||
* [Patchstack](https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/)
|
|
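Review bot: the MITRE link in the `## Advisory link` list points at CVE-2022-38134 (the broken-access-control issue in the same plugin) instead of CVE-2022-40194, and the Patchstack URL is the only one in the set with a trailing slash. The wrong link disappears with the deleted file, but note that the new index entry for CVE-2022-40194 links only to Wordfence, so the MITRE record for this CVE is no longer referenced anywhere on the site.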
@ -1,6 +1,97 @@
|
|||
---
|
||||
author: "Muhammad Daffa"
|
||||
title: "CVEs"
|
||||
layout: "archives"
|
||||
# url: "/archives"
|
||||
summary: "List of all my CVEs"
|
||||
date: "2019-03-09"
|
||||
# description: "About Muhammad Daffa"
|
||||
tags: ["profile"]
|
||||
TocOpen: true
|
||||
draft: false
|
||||
hidemeta: true
|
||||
comments: false
|
||||
searchHidden: true
|
||||
ShowBreadCrumbs: false
|
||||
ShowRssButtonInSectionTermList: false
|
||||
---
|
||||
|
||||
These are some of the CVEs I obtained from conducting penetration testing.
|
||||
|
||||
## CVEs
|
||||
|
||||
- [CVE-2023-25989](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/meks-smart-social-widget/meks-smart-social-widget-16-cross-site-request-forgery-via-meks-remove-notification)
|
||||
- [CVE-2022-47172](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woolentor-addons/woolentor-262-cross-site-request-forgery-via-process-data)
|
||||
- [CVE-2022-47169](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/visibility-logic-elementor/visibility-logic-for-elementor-234-cross-site-request-forgery-via-toggle-option)
|
||||
- [CVE-2023-23823](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/enhanced-text-widget/enhanced-text-widget-157-missing-authorization)
|
||||
- [CVE-2022-45372](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-product-gallery-slider/product-gallery-slider-for-woocommerce-228-cross-site-request-forgery)
|
||||
- [CVE-2022-33974](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/custom-twitter-feeds/custom-twitter-feeds-tweets-widget-184-cross-site-request-forgery)
|
||||
- [CVE-2022-47174](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/performance-lab/performance-lab-220-cross-site-request-forgery-via-dismiss-wp-pointer)
|
||||
- [CVE-2022-47136](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ninja-tables/ninja-tables-434-cross-site-request-forgery)
|
||||
- [CVE-2022-47178](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simple-share-buttons-adder/simple-share-buttons-adder-846-cross-site-request-forgery)
|
||||
- [CVE-2022-47137](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ninja-tables/ninja-tables-434-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings)
|
||||
- [CVE-2022-45371](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/shopengine/shopengine-411-cross-site-request-forgery)
|
||||
- [CVE-2022-33961](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yellow-pencil-visual-theme-customizer/yellowpencil-visual-css-style-editor-758-reflected-cross-site-scripting-livelink)
|
||||
- [CVE-2022-32970](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/themify-portfolio-post/themify-portfolio-post-122-authenticated-editor-stored-cross-site-scripting)
|
||||
- [CVE-2022-45367](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/custom-order-numbers-for-woocommerce/custom-order-numbers-for-woocommerce-140-cross-site-request-forgery)
|
||||
- [CVE-2022-47149](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pretty-link/shortlinks-by-pretty-links-340-cross-site-request-forgery-via-route)
|
||||
- [CVE-2022-47161](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/health-check/health-check-troubleshooting-151-cross-site-request-forgery-via-health-check-troubleshoot-get-captures)
|
||||
- [CVE-2023-28989](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/happy-elementor-addons/happy-addons-for-elementor-382-cross-site-request-forgery-via-handle-optin-optout)
|
||||
- [CVE-2022-46793](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-product-feed-pro/product-feed-pro-for-woocommerce-1240-cross-site-request-forgery-via-update-project)
|
||||
- [CVE-2022-46795](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-delivery-notes/print-invoice-delivery-notes-for-woocommerce-472-cross-site-request-forgery-via-ts-reset-tracking-setting)
|
||||
- [CVE-2022-46794](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/weight-based-shipping-for-woocommerce/woocommerce-weight-based-shipping-541-cross-site-request-forgery-leading-to-plugin-settings-changes)
|
||||
- [CVE-2023-27461](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/when-last-login/when-last-login-121-cross-site-request-forgery)
|
||||
- [CVE-2023-26543](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-meteor/wp-meteor-page-speed-optimization-topping-314-cross-site-request-forgery-via-processajaxnoticedismiss)
|
||||
- [CVE-2022-46851](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/astra-sites/starter-templates-elementor-wordpress-beaver-builder-templates-3120-cross-site-request-forgery-in-add-to-favorite)
|
||||
- [CVE-2022-46853](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/the-post-grid/the-post-grid-shortcode-gutenberg-blocks-and-elementor-addon-for-post-grid-504-cross-site-request-forgery-in-rttpg-spare-me)
|
||||
- [CVE-2022-46852](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-table-builder/wp-table-builder-wordpress-table-plugin-146-authenticated-admin-stored-cross-site-scripting)
|
||||
- [CVE-2022-40198](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-wallet/terawallet-for-woocommerce-1324-cross-site-request-forgery-via-admin-options)
|
||||
- [CVE-2022-47166](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/cf7-widget-elementor/void-contact-form-7-widget-for-elementor-page-builder-211-cross-site-request-forgery-in-void-cf7-opt-in-user-data-track)
|
||||
- [CVE-2022-46855](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/dk-pricr-responsive-pricing-table/responsive-pricing-table-516-authenticated-contributor-stored-cross-site-scripting)
|
||||
- [CVE-2022-46797](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/enhanced-e-commerce-for-woocommerce-store/all-in-one-google-analytics-pixels-and-product-feed-manager-for-woocommerce-523-cross-site-request-forgery)
|
||||
- [CVE-2022-46796](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-multi-currency/curcy-2125-missing-authorization-to-currency-exchange-retrieval)
|
||||
- [CVE-2022-46798](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woolentor-addons/shoplentor-251-cross-site-request-forgery-to-post-updates)
|
||||
- [CVE-2022-46848](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/visualizer/visualizer-391-authenticatedcontributor-stored-cross-site-scripting)
|
||||
- [CVE-2022-45068](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-mercadopago/mercado-pago-payments-for-woocommerce-631-cross-site-request-forgery)
|
||||
- [CVE-2023-23711](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/a2-optimized-wp/a2-optimized-wp-304-cross-site-request-forgery)
|
||||
- [CVE-2022-45376](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/side-cart-woocommerce/side-cart-woocommerce-ajax-21-cross-site-request-forgery)
|
||||
- [CVE-2022-45076](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/flexible-elementor-panel/flexible-elementor-panel-238-cross-site-request-forgery)
|
||||
- [CVE-2022-47148](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-pdf-invoices-packing-slips/woocommerce-pdf-invoices-packing-slips-325-cross-site-request-forgery)
|
||||
- [CVE-2022-47170](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-1548-authenticated-admin-cross-site-scripting-xss)
|
||||
- [CVE-2023-22700](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pixelyoursite/pixelyoursite-930-cross-site-request-forgery)
|
||||
- [CVE-2022-45067](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-261-cross-site-request-forgery)
|
||||
- [CVE-2022-26366](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/adrotate/adrotate-banner-manager-59-cross-site-request-forgery)
|
||||
- [CVE-2022-25952](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/content-egg/content-egg-540-cross-site-request-forgery)
|
||||
- [CVE-2022-43481](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-coupons-for-woocommerce-free/advanced-coupons-for-woocommerce-coupons-45-cross-site-request-forgery)
|
||||
- [CVE-2022-43463](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yikes-inc-easy-custom-woocommerce-product-tabs/custom-product-tabs-for-woocommerce-179-authenticated-administrator-stored-cross-site-scripting)
|
||||
- [CVE-2022-36401](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-wallet/terawallet-for-woocommerce-1324-cross-site-request-forgery)
|
||||
- [CVE-2022-43488](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-cross-site-request-forgery-2)
|
||||
- [CVE-2022-40686](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/creative-mail-by-constant-contact/creative-mail-154-cross-site-request-forgery-to-plugin-deactivation)
|
||||
- [CVE-2022-40687](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/creative-mail-by-constant-contact/creative-mail-154-cross-site-request-forgery-to-settings-disconnect)
|
||||
- [CVE-2022-41805](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-jetpack/booster-for-woocommerce-566-cross-site-request-forgery)
|
||||
- [CVE-2022-34148](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/backup/backup-guard-169-authenticated-administrator-stored-cross-site-scripting)
|
||||
- [CVE-2022-43491](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-cross-site-request-forgery)
|
||||
- [CVE-2022-38137](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-analytify/analytify-google-analytics-dashboard-for-wordpress-422-cross-site-request-forgery)
|
||||
- [CVE-2022-32776](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-ads/advanced-ads-ad-manager-adsense-1311-authenticated-administrator-stored-cross-site-scripting)
|
||||
- [CVE-2022-34654](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/manage-notification-emails/manage-notification-e-mails-182-cross-site-request-forgery-to-plugin-options-update)
|
||||
- [CVE-2022-32587](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-page-widget/wp-page-widget-39-cross-site-request-forgery)
|
||||
- [CVE-2022-36340](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/mailoptin/mailoptin-12490-missing-authorization-to-cache-deletion)
|
||||
- [CVE-2022-40132](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/seriously-simple-podcasting/seriously-simple-podcasting-2160-cross-site-request-forgery)
|
||||
- [CVE-2022-38134](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-535-multiple-unprotected-ajax-actions)
|
||||
- [CVE-2022-40194](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-535-sensitive-data-exposure)
|
||||
- [CVE-2022-38470](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-535-cross-site-request-forgery)
|
||||
- [CVE-2022-38095](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-413-cross-site-request-forgery-to-plugin-settings-update)
|
||||
- [CVE-2022-33177](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/booking/booking-calendar-921-cross-site-request-forgery)
|
||||
- [CVE-2022-38058](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-shamsi/wp-shamsi-411-missing-authorization-to-plugin-settings-update)
|
||||
- [CVE-2022-36282](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/search-exclude/search-exclude-126-authenticated-editor-stored-cross-site-scripting)
|
||||
- [CVE-2022-35726](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yotuwp-easy-youtube-embed/video-gallery-youtube-playlist-channel-gallery-by-yotuwp-138-missing-authorization)
|
||||
- [CVE-2022-38703](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/maxbuttons/maxbuttons-92-authenticated-administrator-stored-cross-site-scripting)
|
||||
- [CVE-2022-34347](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/download-manager/download-manager-3248-cross-site-request-forgery-to-plugin-settings-update)
|
||||
- [CVE-2022-36346](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/maxbuttons/wordpress-button-plugin-maxbuttons-92-cross-site-request-forgery)
|
||||
- [CVE-2022-38704](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/seo-redirection/seo-redirection-plugin-301-redirect-manager-89-cross-site-request-forgery)
|
||||
- [CVE-2022-33201](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/official-mailerlite-sign-up-forms/mailerlite-signup-forms-official-157-cross-site-request-forgery)
|
||||
- [CVE-2022-27848](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/modern-events-calendar-lite/modern-events-calendar-lite-651-authenticated-admin-stored-cross-site-scripting)
|
||||
- [CVE-2022-27844](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0970-authenticated-arbitrary-file-read)
|
||||
- [CVE-2022-25618](https://www.wordfence.com/threat-intel/vulnerabilities/detail/wpdatatables-wordpress-tables-table-charts-plugin-2127-authenticated-admin-stored-cross-site-scripting)
|
||||
- [CVE-2022-23983](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-content-copy-protection/wp-content-copy-protection-344-cross-site-request-forgery-to-setting-update)
|
||||
- [CVE-2022-23984](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpdiscuz/comments-wpdiscuz-7311-sensitive-information-disclosure)
|
||||
- [CVE-2021-24561](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-sms/wp-sms-5412-authenticated-stored-cross-site-scripting)
|
||||
- [CVE-2021-24531](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/charitable/charitable-donation-plugin-1650-authenticated-stored-cross-site-scripting)
|
||||
- [CVE-2021-24519](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/vikrentcar/vikrentcar-car-rental-management-system-1110-authenticated-admin-stored-cross-site-scripting)
|
||||
|
|
|
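Review bot: the front matter of the new index looks copied from the About page: `date: "2019-03-09"` predates every CVE in the list (the oldest is CVE-2021-24519), `tags: ["profile"]` files a CVE list under the profile tag, and `summary: "List of all my CVEs"` contradicts the body's "some of the CVEs". The list itself has 78 entries in no particular order; sorting by year and number would make additions and duplicates easier to check against the total quoted on the About page.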
@ -21,41 +21,86 @@ The list below are some of the companies that recognize me as a bug hunter. Here
|
|||
- Hall of Fame at Sekolah Siber
|
||||
- Hall of Fame at wur.nl
|
||||
- Thanks list at HackerOne PlanetArt
|
||||
- Thanks list at Private Program HackerOne
|
||||
- Thanks list at HackerOne Valve
|
||||
- Certificate Appreciation from GeeksforGeeks
|
||||
|
||||
**[Click here](https://daffa.info/achievements/)** to see the full list
|
||||
**[Click here](https://daffa.info/bug-hunting/)** to see the full list
|
||||
|
||||
## CVEs
|
||||
|
||||
Here is a list of CVEs that I got, most of them came from vulnerabilities in wordpress. I have a target which is to have **100++ CVEs**.
|
||||
- [CVE-2022-40194](https://daffa.info/cve/cve-2022-40194/) (WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure)
|
||||
- [CVE-2022-40132](https://daffa.info/cve/cve-2022-40132/) (WordPress Seriously Simple Podcasting plugin <= 2.16.0 - CSRF)
|
||||
- [CVE-2022-38704](https://daffa.info/cve/cve-2022-38704/) (WordPress SEO Redirection plugin <= 8.9 - CSRF)
|
||||
- [CVE-2022-38470](https://daffa.info/cve/cve-2022-38470/) (WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - CSRF)
|
||||
- [CVE-2022-38095](https://daffa.info/cve/cve-2022-38095/) (WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 - CSRF)
|
||||
- [CVE-2023-25989](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/meks-smart-social-widget/meks-smart-social-widget-16-cross-site-request-forgery-via-meks-remove-notification)
|
||||
- [CVE-2022-47172](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woolentor-addons/woolentor-262-cross-site-request-forgery-via-process-data)
|
||||
- [CVE-2022-47169](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/visibility-logic-elementor/visibility-logic-for-elementor-234-cross-site-request-forgery-via-toggle-option)
|
||||
- [CVE-2023-23823](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/enhanced-text-widget/enhanced-text-widget-157-missing-authorization)
|
||||
- [CVE-2022-45372](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woo-product-gallery-slider/product-gallery-slider-for-woocommerce-228-cross-site-request-forgery)
|
||||
|
||||
Total CVEs: **19**
|
||||
Total CVEs: **89**
|
||||
|
||||
**[Click here](https://daffa.info/cve/)** to see the full list
|
||||
|
||||
## GitHub Projects
|
||||
## Capture The Flag
|
||||
|
||||
These are my github projects which have lots of stars and forks
|
||||
I started to do CTF again in 2023, and this is a list of wins we have achieved while participating in several CTF competitions
|
||||
|
||||
### CTF Competitions
|
||||
|
||||
| Event Name | Team | Ranking |
|
||||
| ---------- | ---- | ------- |
|
||||
| DeconstruCT.F 2023 | aseng_fans_club | 1 |
|
||||
| The Odyssey CTF | aseng_fans_club | 1 |
|
||||
| BDSec CTF 2023 | HCS | 1 |
|
||||
| 0xLaugh CTF 2023 | TCP1P | 2 |
|
||||
|
||||
### Writeup Competitions
|
||||
|
||||
| Event Name | Team |
|
||||
| ---------- | ---- |
|
||||
| UIUCTF 2023 | TCP1P |
|
||||
|
||||
## Open Source Projects
|
||||
|
||||
Here are my open source projects related to cybersecurity that I have created and pushed to GitHub.
|
||||
|
||||
### Maintained Projects
|
||||
|
||||
#### Notes
|
||||
- [AllAboutBugBounty](https://github.com/daffainfo/AllAboutBugBounty)
|
||||
- [all-about-apikey](https://github.com/daffainfo/all-about-apikey)
|
||||
- [Key-Checker](https://github.com/daffainfo/Key-Checker)
|
||||
- [match-replace-burp](https://github.com/daffainfo/match-replace-burp)
|
||||
- [Oneliner-Bugbounty](https://github.com/daffainfo/Oneliner-Bugbounty)
|
||||
|
||||
#### CTF
|
||||
- [ctf-writeup](https://github.com/daffainfo/ctf-writeup)
|
||||
|
||||
#### Blue Team
|
||||
- [malpacks](https://github.com/daffainfo/malpacks)
|
||||
- [suricata-rules](https://github.com/daffainfo/suricata-rules)
|
||||
|
||||
#### Labs
|
||||
- [vulnerable-web](https://github.com/daffainfo/vulnerable-web)
|
||||
- [vulnlabs](https://github.com/daffainfo/vulnlabs)
|
||||
|
||||
#### Tools
|
||||
- [bypass-403](https://github.com/daffainfo/bypass-403)
|
||||
- [bash-bounty](https://github.com/daffainfo/bash-bounty)
|
||||
- [apiguesser](https://github.com/daffainfo/apiguesser)
|
||||
- [apiguesser](https://github.com/daffainfo/apiguesser-web)
|
||||
- [mailspoof](https://github.com/daffainfo/mailspoof)
|
||||
|
||||
### Abandoned Projects
|
||||
- [Git-Secret](https://github.com/daffainfo/Git-Secret)
|
||||
- [Bug-Bounty-Tools](https://github.com/daffainfo/Bug-Bounty-Tools)
|
||||
- [Key-Checker](https://github.com/daffainfo/Key-Checker)
|
||||
|
||||
**[Click here](https://github.com/daffainfo?tab=repositories)** to check some of my repositories
|
||||
|
||||
## Certifications
|
||||
|
||||
- eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv2)
|
||||
- eLearnSecurity Junior Penetration Tester (eJPT)
|
||||
- Certified AppSec Practitioner
|
||||
- Certfied Network Security Practicioner
|
||||
- Certified Secure Computer User (C/SCU)
|
||||
- Fortinet Network Security Expert Level 1: Certified Associate (NSE 1)
|
||||
- Fortinet Network Security Expert Level 2: Certified Associate (NSE 2)
|
||||
|
||||
## Misc
|
||||
|
||||
|
|
|
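Review bot: `[apiguesser](https://github.com/daffainfo/apiguesser-web)` under Tools reuses the link text of the entry directly above it while pointing at a different repository; label it `apiguesser-web` so the two projects can be told apart. In the same hunk Key-Checker appears both under Maintained Projects > Notes and under Abandoned Projects, which cannot both hold; keep it in one list. The certification line `Certfied Network Security Practicioner` should read `Certified Network Security Practitioner`, and the `Total CVEs: **89**` line sits beside a list of ten entries, so the sentence introducing the list should say it is a selection (the `Click here` link below it already points at the full list).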
@ -1,4 +0,0 @@
|
|||
---
|
||||
title: "Search"
|
||||
layout: "search"
|
||||
---
|
|
@ -1,4 +1,4 @@
|
|||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>404 Page not found | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/404.html><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="404 Page not found"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" content="https://daffa.info/404.html"><meta property="og:image" 
content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="404 Page not found"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" 
width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><div class=not-found>404</div></main><footer class=footer><span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>404 Page not found | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/404.html><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="404 Page not found"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" content="https://daffa.info/404.html"><meta property="og:image" 
content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="404 Page not found"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" 
width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li></ul></nav></header><main class=main><div class=not-found>404</div></main><footer class=footer><span>© 2023 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
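Review bot: both versions of this file still carry the PaperMod example-config placeholders instead of real asset paths: every favicon link resolves to `https://daffa.info/%3Clink%20/%20abs%20url%3E` and the `og:image` / `twitter:image` tags to `https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E`, which are the literal strings `<link / abs url>` and `<link or path of image for opengraph, twitter-cards>` URL-encoded. Fill in the `assets` favicon entries and the `images` list in config.yml, or remove those keys so the theme omits the tags; the same placeholder surfaces as `<url>`/`<link>` in every index.xml hunk in this commit. Separately, the footer year is hardcoded as `© 2023` while the inline script runs `document.querySelector("#cd").innerText=(new Date).getFullYear()` against an `#cd` element that does not exist anywhere in this markup, so that statement throws a TypeError on every page load; either give the year span `id=cd` in the footer partial or drop the statement.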
File diff suppressed because one or more lines are too long
|
@ -9,6 +9,7 @@
|
|||
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
|
||||
</image>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en</language>
|
||||
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/about/index.xml" rel="self" type="application/rss+xml" />
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -9,6 +9,7 @@
|
|||
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
|
||||
</image>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en</language>
|
||||
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/achievements/index.xml" rel="self" type="application/rss+xml" />
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -1 +0,0 @@
|
|||
<!doctype html><html lang=en><head><title>https://daffa.info/blog/</title><link rel=canonical href=https://daffa.info/blog/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/blog/"></head></html>
|
File diff suppressed because one or more lines are too long
|
@ -1,14 +1,15 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
|
||||
<channel>
|
||||
<title>Blog on Muhammad Daffa</title>
|
||||
<link>https://daffa.info/blog/</link>
|
||||
<description>Recent content in Blog on Muhammad Daffa</description>
|
||||
<title>Portfolio on Muhammad Daffa</title>
|
||||
<link>https://daffa.info/bug-hunting/</link>
|
||||
<description>Recent content in Portfolio on Muhammad Daffa</description>
|
||||
<image>
|
||||
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
|
||||
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
|
||||
</image>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/blog/index.xml" rel="self" type="application/rss+xml" />
|
||||
<language>en</language>
|
||||
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/bug-hunting/index.xml" rel="self" type="application/rss+xml" />
|
||||
</channel>
|
||||
</rss>
|
|
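Review bot: the feed now titles itself `Portfolio on Muhammad Daffa` but is served from `https://daffa.info/bug-hunting/`, while the site menu rendered in the other hunks of this commit links to `https://daffa.info/portfolio/`. Make the section URL and the menu entry agree (name the section `portfolio`, or point the menu at `/bug-hunting/`), otherwise the menu link depends on a redirect. Also `<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate>` is carried unchanged into the renamed feed and is identical across the about, achievements and bug-hunting feeds; Hugo derives it from the newest page date in the section, so check that these entries carry their real dates rather than a 2019 placeholder.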
@ -0,0 +1 @@
|
|||
<!doctype html><html lang=en><head><title>https://daffa.info/bug-hunting/</title><link rel=canonical href=https://daffa.info/bug-hunting/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/bug-hunting/"></head></html>
|
|
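Review bot: this generated alias page sets both `rel=canonical` and the `meta http-equiv=refresh` target to `https://daffa.info/bug-hunting/`, which is only correct if the file itself is written to a different path (the old URL being aliased, presumably `/portfolio/` or `/achievements/`). If it is emitted at `/bug-hunting/index.html` it is a self-referencing refresh loop, so confirm the `aliases` front matter on the bug-hunting section maps the old URL to the new one and not the reverse; the deleted `/blog/` counterpart above has the same shape.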
@ -1,4 +1,4 @@
|
|||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Categories | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/categories/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/categories/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="Categories"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/categories/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="Categories"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><h1>Categories</h1></header><ul class=terms-tags></ul></main><footer class=footer><span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Categories | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/categories/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/categories/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="Categories"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/categories/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="Categories"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li></ul></nav></header><main class=main><header class=page-header><h1>Categories</h1></header><ul class=terms-tags></ul></main><footer class=footer><span>© 2023 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
|
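Review bot: `<main class=main><header class=page-header><h1>Categories</h1></header><ul class=terms-tags></ul></main>` shows this taxonomy page renders with no terms, yet it ships with `<meta name=robots content="index, follow">` and its own RSS feed. If the site does not use categories, disable the taxonomy kinds via `disableKinds` (or drop `categories` from `taxonomies`) in config.yml so Hugo stops emitting an empty indexable page; as it stands this file changes only because of the menu and the hardcoded footer year.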
@ -8,6 +8,7 @@
|
|||
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
|
||||
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
|
||||
</image>
|
||||
<generator>Hugo -- gohugo.io</generator><atom:link href="https://daffa.info/categories/index.xml" rel="self" type="application/rss+xml" />
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<language>en</language><atom:link href="https://daffa.info/categories/index.xml" rel="self" type="application/rss+xml" />
|
||||
</channel>
|
||||
</rss>
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -9,195 +9,7 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Mon, 26 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/cve/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2022-32587</title>
<link>https://daffa.info/cve/cve-2022-32587/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-32587/</guid>
<description>WordPress WP Page Widget plugin &lt;= 3.9 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-38137</title>
<link>https://daffa.info/cve/cve-2022-38137/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-38137/</guid>
<description>WordPress Analytify plugin &lt;= 4.2.2 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-36340</title>
<link>https://daffa.info/cve/cve-2022-36340/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-36340/</guid>
<description>WordPress MailOptin plugin &lt;= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion</description>
</item>

<item>
<title>CVE-2022-38095</title>
<link>https://daffa.info/cve/cve-2022-38095/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-38095/</guid>
<description>WordPress Advanced Dynamic Pricing for WooCommerce plugin &lt;= 4.1.3 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-38134</title>
<link>https://daffa.info/cve/cve-2022-38134/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-38134/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &lt;= 5.3.5 - Authenticated Broken Access Control</description>
</item>

<item>
<title>CVE-2022-40132</title>
<link>https://daffa.info/cve/cve-2022-40132/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-40132/</guid>
<description>WordPress Seriously Simple Podcasting plugin &lt;= 2.16.0 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-40194</title>
<link>https://daffa.info/cve/cve-2022-40194/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-40194/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &lt;= 5.3.5 - Sensitive Information Disclosure</description>
</item>

<item>
<title>CVE-2022-38470</title>
<link>https://daffa.info/cve/cve-2022-38470/</link>
<pubDate>Thu, 22 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-38470/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &lt;= 5.3.5 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-36282</title>
<link>https://daffa.info/cve/cve-2022-36282/</link>
<pubDate>Tue, 23 Aug 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-36282/</guid>
<description>Search Exclude &lt; 1.2.7 - Author+ Stored Cross-Site Scripting</description>
</item>

<item>
<title>CVE-2022-34347</title>
<link>https://daffa.info/cve/cve-2022-34347/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-34347/</guid>
<description>Download Manager &lt; 3.2.49 - Clear Stats &amp; Cache via CSRF</description>
</item>

<item>
<title>CVE-2022-36346</title>
<link>https://daffa.info/cve/cve-2022-36346/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-36346/</guid>
<description>MaxButtons &lt; 9.3 - Arbitrary Settings Update via CSRF</description>
</item>

<item>
<title>CVE-2022-33201</title>
<link>https://daffa.info/cve/cve-2022-33201/</link>
<pubDate>Sun, 08 May 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-33201/</guid>
<description>MailerLite - Signup forms (official) &lt; 1.5.7 - API Key Update via CSRF</description>
</item>

<item>
<title>CVE-2022-27848</title>
<link>https://daffa.info/cve/cve-2022-27848/</link>
<pubDate>Thu, 14 Apr 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-27848/</guid>
<description>Modern Events Calendar Lite &lt; 6.5.2 - Admin+ Stored Cross-Site Scripting</description>
</item>

<item>
<title>CVE-2022-27844</title>
<link>https://daffa.info/cve/cve-2022-27844/</link>
<pubDate>Mon, 11 Apr 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-27844/</guid>
<description>WPvivid Backup and Migration Plugin &lt; 0.9.71 - Admin+ Arbitrary File Download</description>
</item>

<item>
<title>CVE-2022-25618</title>
<link>https://daffa.info/cve/cve-2022-25618/</link>
<pubDate>Mon, 04 Apr 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-25618/</guid>
<description>wpDataTables &lt; 2.1.28 - Admin+ Stored Cross-Site Scripting</description>
</item>

<item>
<title>CVE-2022-38704</title>
<link>https://daffa.info/cve/cve-2022-38704/</link>
<pubDate>Wed, 23 Feb 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-38704/</guid>
<description>WordPress SEO Redirection plugin &lt;= 8.9 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-23983</title>
<link>https://daffa.info/cve/cve-2022-23983/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-23983/</guid>
<description>WP Content Copy Protection &amp; No Right Click &lt; 3.4.5 - Settings Update via CSRF</description>
</item>

<item>
<title>CVE-2022-23984</title>
<link>https://daffa.info/cve/cve-2022-23984/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-23984/</guid>
<description>wpDiscuz &lt; 7.3.12 - Sensitive Information Disclosure</description>
</item>

<item>
<title>CVE-2021-24561</title>
<link>https://daffa.info/cve/cve-2021-24561/</link>
<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2021-24561/</guid>
<description>WP SMS &lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
</item>

<item>
<title>CVE-2021-24531</title>
<link>https://daffa.info/cve/cve-2021-24531/</link>
<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2021-24531/</guid>
<description>Charitable - Donation Plugin &lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/cve/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2021-24519/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<language>en</language>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/cve/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>
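Review bot: after this hunk `cve/index.xml` is an RSS channel with no `<item>` entries, and `<lastBuildDate>` moves backwards from `Mon, 26 Sep 2022 11:30:03 +0000` to `Sat, 09 Mar 2019 00:00:00 +0000`, earlier than every post that was listed, which indicates the section no longer has any dated content feeding the build date. If the 21 CVE write-ups were moved rather than withdrawn, redirect the old `/cve/index.xml` URL to the new section's feed (a Hugo alias or a 301 in the host config) instead of serving an empty channel, because feed readers subscribed to it will otherwise show nothing without any error.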
@ -1 +1 @@
<!doctype html><html><head><title>https://daffa.info/cve/</title><link rel=canonical href=https://daffa.info/cve/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/cve/"></head></html>
<!doctype html><html lang=en><head><title>https://daffa.info/cve/</title><link rel=canonical href=https://daffa.info/cve/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/cve/"></head></html>
File diff suppressed because one or more lines are too long
193
public/index.xml
@ -9,196 +9,7 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Mon, 26 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2022-32587</title>
<link>https://daffa.info/cve/cve-2022-32587/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-32587/</guid>
<description>WordPress WP Page Widget plugin &lt;= 3.9 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-38137</title>
<link>https://daffa.info/cve/cve-2022-38137/</link>
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-38137/</guid>
<description>WordPress Analytify plugin &lt;= 4.2.2 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-36340</title>
<link>https://daffa.info/cve/cve-2022-36340/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-36340/</guid>
<description>WordPress MailOptin plugin &lt;= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion</description>
</item>

<item>
<title>CVE-2022-38095</title>
<link>https://daffa.info/cve/cve-2022-38095/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-38095/</guid>
<description>WordPress Advanced Dynamic Pricing for WooCommerce plugin &lt;= 4.1.3 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-38134</title>
<link>https://daffa.info/cve/cve-2022-38134/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-38134/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &lt;= 5.3.5 - Authenticated Broken Access Control</description>
</item>

<item>
<title>CVE-2022-40132</title>
<link>https://daffa.info/cve/cve-2022-40132/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-40132/</guid>
<description>WordPress Seriously Simple Podcasting plugin &lt;= 2.16.0 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-40194</title>
<link>https://daffa.info/cve/cve-2022-40194/</link>
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-40194/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &lt;= 5.3.5 - Sensitive Information Disclosure</description>
</item>

<item>
<title>CVE-2022-38470</title>
<link>https://daffa.info/cve/cve-2022-38470/</link>
<pubDate>Thu, 22 Sep 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-38470/</guid>
<description>WordPress Customer Reviews for WooCommerce plugin &lt;= 5.3.5 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-36282</title>
<link>https://daffa.info/cve/cve-2022-36282/</link>
<pubDate>Tue, 23 Aug 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-36282/</guid>
<description>Search Exclude &lt; 1.2.7 - Author+ Stored Cross-Site Scripting</description>
</item>

<item>
<title>CVE-2022-34347</title>
<link>https://daffa.info/cve/cve-2022-34347/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-34347/</guid>
<description>Download Manager &lt; 3.2.49 - Clear Stats &amp; Cache via CSRF</description>
</item>

<item>
<title>CVE-2022-36346</title>
<link>https://daffa.info/cve/cve-2022-36346/</link>
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-36346/</guid>
<description>MaxButtons &lt; 9.3 - Arbitrary Settings Update via CSRF</description>
</item>

<item>
<title>CVE-2022-33201</title>
<link>https://daffa.info/cve/cve-2022-33201/</link>
<pubDate>Sun, 08 May 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-33201/</guid>
<description>MailerLite - Signup forms (official) &lt; 1.5.7 - API Key Update via CSRF</description>
</item>

<item>
<title>CVE-2022-27848</title>
<link>https://daffa.info/cve/cve-2022-27848/</link>
<pubDate>Thu, 14 Apr 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-27848/</guid>
<description>Modern Events Calendar Lite &lt; 6.5.2 - Admin+ Stored Cross-Site Scripting</description>
</item>

<item>
<title>CVE-2022-27844</title>
<link>https://daffa.info/cve/cve-2022-27844/</link>
<pubDate>Mon, 11 Apr 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-27844/</guid>
<description>WPvivid Backup and Migration Plugin &lt; 0.9.71 - Admin+ Arbitrary File Download</description>
</item>

<item>
<title>CVE-2022-25618</title>
<link>https://daffa.info/cve/cve-2022-25618/</link>
<pubDate>Mon, 04 Apr 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-25618/</guid>
<description>wpDataTables &lt; 2.1.28 - Admin+ Stored Cross-Site Scripting</description>
</item>

<item>
<title>CVE-2022-38704</title>
<link>https://daffa.info/cve/cve-2022-38704/</link>
<pubDate>Wed, 23 Feb 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-38704/</guid>
<description>WordPress SEO Redirection plugin &lt;= 8.9 - Cross-Site Request Forgery</description>
</item>

<item>
<title>CVE-2022-23983</title>
<link>https://daffa.info/cve/cve-2022-23983/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-23983/</guid>
<description>WP Content Copy Protection &amp; No Right Click &lt; 3.4.5 - Settings Update via CSRF</description>
</item>

<item>
<title>CVE-2022-23984</title>
<link>https://daffa.info/cve/cve-2022-23984/</link>
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2022-23984/</guid>
<description>wpDiscuz &lt; 7.3.12 - Sensitive Information Disclosure</description>
</item>

<item>
<title>CVE-2021-24561</title>
<link>https://daffa.info/cve/cve-2021-24561/</link>
<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2021-24561/</guid>
<description>WP SMS &lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
</item>

<item>
<title>CVE-2021-24531</title>
<link>https://daffa.info/cve/cve-2021-24531/</link>
<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2021-24531/</guid>
<description>Charitable - Donation Plugin &lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/cve/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/cve/cve-2021-24519/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>


<language>en</language>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>
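Review bot: the site-wide feed `public/index.xml` also ends up with zero `<item>` entries and the same 2019 `<lastBuildDate>`, so anyone subscribed to the home feed loses every entry in one build; confirm the posts still exist under `content/` with a `date` before this is published. The broader point for this commit is that the Hugo build output under `public/` is committed, which is why a small content move becomes several hundred lines of generated XML and HTML across `categories/index.xml`, `cve/index.xml` and this file; ignore `public/` in git and build it in CI so reviews cover only the source under `content/` and `config.yml`.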
@ -1 +0,0 @@
<!doctype html><html><head><title>https://daffa.info/</title><link rel=canonical href=https://daffa.info/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/"></head></html>
@ -1,169 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2021-24519/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2021-24519/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nInstallation Number 1,000+\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"64","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2021-24519/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>1,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p><= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2021-24531/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24531</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-23983/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24519%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
|
||||
</a>
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
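Review bot: the last inline script in this deleted page runs `document.querySelector("#cd").innerText=(new Date).getFullYear()`, but the footer just above it hardcodes `© 2022` and nothing in the visible markup carries `id=cd`, so the selector returns null and the assignment throws a TypeError on every page load (the menu listeners registered earlier in the same comma expression still attach, so the breakage is silent apart from the console error). If these pages are regenerated rather than only dropped, either give the year span `id=cd` or remove that statement from the footer script. Smaller point in the same footer: the PaperMod link uses `rel=noopener` alone while every share link above uses `rel="noopener noreferrer"`; align them when the template is next touched.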
@ -1,169 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto>
|
||||
<head><meta charset=utf-8>
|
||||
<meta http-equiv=x-ua-compatible content="IE=edge">
|
||||
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
|
||||
<meta name=robots content="index, follow">
|
||||
<title>CVE-2021-24531 | Muhammad Daffa</title>
|
||||
<meta name=keywords content="cve">
|
||||
<meta name=description content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta name=author content="Muhammad Daffa">
|
||||
<link rel=canonical href=https://canonical.url/to/page>
|
||||
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
|
||||
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
|
||||
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<meta name=theme-color content="#2e2e33">
|
||||
<meta name=msapplication-TileColor content="#2e2e33">
|
||||
<noscript>
|
||||
<style>#theme-toggle,.top-link{display:none}</style>
|
||||
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
|
||||
</noscript><meta property="og:title" content="CVE-2021-24531">
|
||||
<meta property="og:description" content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2021-24531/">
|
||||
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
|
||||
<meta property="article:published_time" content="2021-07-21T11:30:03+00:00">
|
||||
<meta property="article:modified_time" content="2021-07-21T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
|
||||
<meta name=twitter:card content="summary_large_image">
|
||||
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
|
||||
<meta name=twitter:title content="CVE-2021-24531">
|
||||
<meta name=twitter:description content="Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24531","item":"https://daffa.info/portfolio/cve/cve-2021-24531/"}]}</script>
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24531","name":"CVE-2021-24531","description":"Charitable - Donation Plugin ","keywords":["cve"],"articleBody":"Description The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.\nPlugin Name Charitable\nInstallation Number 10,000+\nAffected Version Fixed Version 1.6.51\nAdvisory Link MITRE WPScan ","wordCount":"44","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-21T11:30:03Z","dateModified":"2021-07-21T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2021-24531/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
|
||||
</head>
|
||||
<body id=top>
|
||||
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
|
||||
<header class=header>
|
||||
<nav class=nav>
|
||||
<div class=logo>
|
||||
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
|
||||
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
|
||||
<div class=logo-switches>
|
||||
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
|
||||
</button>
|
||||
<ul class="menu hidden">
|
||||
<li>
|
||||
<a href=https://daffa.info/profile/ title=About>
|
||||
<span>About</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/blog/ title=Blog>
|
||||
<span>Blog</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/portfolio/ title=Portfolio>
|
||||
<span>Portfolio</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
|
||||
<span>Search</span>
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main class=main>
|
||||
<article class=post-single>
|
||||
<header class=post-header>
|
||||
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
|
||||
<h1 class=post-title>
|
||||
CVE-2021-24531
|
||||
</h1>
|
||||
<div class=post-description>
|
||||
Charitable - Donation Plugin < 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)
|
||||
</div>
|
||||
<div class=post-meta><span title="2021-07-21 11:30:03 +0000 UTC">July 21, 2021</span> · Muhammad Daffa
|
||||
</div>
|
||||
</header> <div class=toc>
|
||||
<details open>
|
||||
<summary accesskey=c title="(Alt + C)">
|
||||
<span class=details>Table of Contents</span>
|
||||
</summary>
|
||||
<div class=inner><nav id=TableOfContents>
|
||||
<ul>
|
||||
<li><a href=#description>Description</a></li>
|
||||
<li><a href=#plugin-name>Plugin Name</a></li>
|
||||
<li><a href=#installation-number>Installation Number</a></li>
|
||||
<li><a href=#affected-version>Affected Version</a></li>
|
||||
<li><a href=#fixed-version>Fixed Version</a></li>
|
||||
<li><a href=#advisory-link>Advisory Link</a></li>
|
||||
</ul>
|
||||
</nav>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
|
||||
<p>The Charitable - Donation Plugin WordPress plugin before 1.6.51 is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.</p>
|
||||
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
|
||||
<p><a href=https://wordpress.org/plugins/charitable/>Charitable</a></p>
|
||||
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
|
||||
<p>10,000+</p>
|
||||
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
|
||||
<p><= 1.6.50</p>
|
||||
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
|
||||
<p>1.6.51</p>
|
||||
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
|
||||
<ul>
|
||||
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24531">MITRE</a></li>
|
||||
<li><a href=https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f>WPScan</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<footer class=post-footer>
|
||||
<ul class=post-tags>
|
||||
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
|
||||
</ul>
|
||||
<nav class=paginav>
|
||||
<a class=prev href=https://daffa.info/portfolio/cve/cve-2021-24561/>
|
||||
<span class=title>« Prev</span>
|
||||
<br>
|
||||
<span>CVE-2021-24561</span>
|
||||
</a>
|
||||
<a class=next href=https://daffa.info/portfolio/cve/cve-2021-24519/>
|
||||
<span class=title>Next »</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
</nav>
|
||||
<div class=share-buttons>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24531&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f&title=CVE-2021-24531&summary=CVE-2021-24531&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f&title=CVE-2021-24531"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24531%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24531 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24531&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24531%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
|
||||
</a>
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
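Review bot: this hunk removes a generated Hugo page by hand (hashed stylesheet and script names with SRI `integrity` attributes, schema.org JSON-LD, pagination links to neighbouring CVE pages) instead of rebuilding the site, which leaves the remaining output inconsistent: the prev/next links of adjacent pages still point at the deleted URLs, and the nav in this markup still links /blog/ and /search/, so the output should be checked against the menu entries actually configured. Either regenerate the whole output directory with `hugo` (its default is `public/`) and commit that in one go, or stop tracking build output and let CI build it, so pages cannot silently disappear or drift from the config. Before the next build, also clear the unfilled template placeholders visible in this head: `<link rel=canonical href=https://canonical.url/to/page>` hands canonical ownership of the page to a foreign domain, and every favicon and og:image link resolves to `https://daffa.info/%3Clink%20/%20abs%20url%3E` or `%3Cimage%20path/url%3E`, i.e. the literal `<link / abs url>` and `<image path/url>` strings URL-encoded; these look like the theme's example values left in the front matter or config and should be set to real paths or removed.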
@ -1,164 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto>
|
||||
<head><meta charset=utf-8>
|
||||
<meta http-equiv=x-ua-compatible content="IE=edge">
|
||||
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
|
||||
<meta name=robots content="index, follow">
|
||||
<title>CVE-2021-24561 | Muhammad Daffa</title>
|
||||
<meta name=keywords content="cve">
|
||||
<meta name=description content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
|
||||
<meta name=author content="Muhammad Daffa">
|
||||
<link rel=canonical href=https://canonical.url/to/page>
|
||||
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
|
||||
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
|
||||
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<meta name=theme-color content="#2e2e33">
|
||||
<meta name=msapplication-TileColor content="#2e2e33">
|
||||
<noscript>
|
||||
<style>#theme-toggle,.top-link{display:none}</style>
|
||||
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
|
||||
</noscript><meta property="og:title" content="CVE-2021-24561">
|
||||
<meta property="og:description" content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2021-24561/">
|
||||
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
|
||||
<meta property="article:published_time" content="2021-07-26T11:30:03+00:00">
|
||||
<meta property="article:modified_time" content="2021-07-26T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
|
||||
<meta name=twitter:card content="summary_large_image">
|
||||
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
|
||||
<meta name=twitter:title content="CVE-2021-24561">
|
||||
<meta name=twitter:description content="WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting">
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24561","item":"https://daffa.info/portfolio/cve/cve-2021-24561/"}]}</script>
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24561","name":"CVE-2021-24561","description":"WP SMS ","keywords":["cve"],"articleBody":"Description The WP SMS WordPress plugin before 5.4.13 does not sanitise the “wp_group_name” parameter before outputting it back in the “Groups” page, leading to an Authenticated Stored Cross-Site Scripting issue\nPlugin Name WP SMS – Messaging \u0026 SMS Notification for WordPress, WooCommerce, GravityForms, etc\nInstallation Number 8,000+\nAffected Version Fixed Version 5.4.13\nAdvisory link MITRE WPScan ","wordCount":"58","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-26T11:30:03Z","dateModified":"2021-07-26T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2021-24561/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
|
||||
</head>
|
||||
<body id=top>
|
||||
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
|
||||
<header class=header>
|
||||
<nav class=nav>
|
||||
<div class=logo>
|
||||
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
|
||||
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
|
||||
<div class=logo-switches>
|
||||
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24561
</h1>
<div class=post-description>
WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting
</div>
<div class=post-meta><span title="2021-07-26 11:30:03 +0000 UTC">July 26, 2021</span> · Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#installation-number>Installation Number</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The WP SMS WordPress plugin before 5.4.13 does not sanitise the “wp_group_name” parameter before outputting it back in the “Groups” page, leading to an Authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/wp-sms/>WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc</a></p>
<h2 id=installation-number>Installation Number<a hidden class=anchor aria-hidden=true href=#installation-number>#</a></h2>
<p>8,000+</p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p><= 5.4.12</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>5.4.13</p>
<h2 id=advisory-link>Advisory link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24561">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/5433ef4c-4451-4b6e-992b-69c5eccabf90>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=next href=https://daffa.info/portfolio/cve/cve-2021-24531/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24531</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24561&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f&title=CVE-2021-24561&summary=CVE-2021-24561&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f&title=CVE-2021-24561"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24561%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24561 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24561&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2021-24561%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
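Review bot: deleting this generated page does not remove the defects visible in it, and they will return on the next build unless the source is fixed: the JSON-LD image and the publisher logo carry unfilled template placeholders (`https://daffa.info/%3Cimage%20path/url%3E` decodes to `<image path/url>`, `https://daffa.info/%3Clink%20/%20abs%20url%3E` to `<link / abs url>`), the breadcrumb label for `/portfolio/` is the literal "Placeholder Text", and the first inline script at the end of the body runs `document.querySelector("#cd").innerText=(new Date).getFullYear()` although no element with id `cd` exists anywhere in the page, so that statement throws a TypeError on load. Suggest fixing these values in the site configuration and layout in the same change rather than relying on the deletion of the rendered output.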
@ -1,166 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-23983/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-23983/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-23983/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p><= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2021-24519/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-23984/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23983%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
|
||||
</a>
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
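Review bot: the deleted page ending here is one of several near-identical copies of the CVE-2021-24519 advisory that were published under cve-2022-* URLs (its share links target /portfolio/cve/cve-2022-23983/ while the shared title is CVE-2021-24519), so removing the stale build output is right, but the duplication lives in the Markdown sources and will be regenerated on the next `hugo` build unless the corresponding content files are fixed or dropped in the same commit; if the generated output directory is meant to stay out of the repository, add it to .gitignore here so these files do not come back. One defect visible in the deleted footer is worth carrying to the template that produced it: the first inline script ends with `document.querySelector("#cd").innerText=(new Date).getFullYear()`, yet no element with id `cd` exists in this markup (the footer hard-codes `© 2022`), so that statement throws a TypeError on every page load after the menu handlers are attached.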
@ -1,166 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto>
|
||||
<head><meta charset=utf-8>
|
||||
<meta http-equiv=x-ua-compatible content="IE=edge">
|
||||
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
|
||||
<meta name=robots content="index, follow">
|
||||
<title>CVE-2021-24519 | Muhammad Daffa</title>
|
||||
<meta name=keywords content="cve">
|
||||
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta name=author content="Muhammad Daffa">
|
||||
<link rel=canonical href=https://canonical.url/to/page>
|
||||
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
|
||||
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
|
||||
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<meta name=theme-color content="#2e2e33">
|
||||
<meta name=msapplication-TileColor content="#2e2e33">
|
||||
<noscript>
|
||||
<style>#theme-toggle,.top-link{display:none}</style>
|
||||
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
|
||||
</noscript><meta property="og:title" content="CVE-2021-24519">
|
||||
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-23984/">
|
||||
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
|
||||
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
|
||||
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
|
||||
<meta name=twitter:card content="summary_large_image">
|
||||
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
|
||||
<meta name=twitter:title content="CVE-2021-24519">
|
||||
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-23984/"}]}</script>
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-23984/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
|
||||
</head>
|
||||
<body id=top>
|
||||
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
|
||||
<header class=header>
|
||||
<nav class=nav>
|
||||
<div class=logo>
|
||||
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
|
||||
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
|
||||
<div class=logo-switches>
|
||||
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
|
||||
</button>
|
||||
<ul class="menu hidden">
|
||||
<li>
|
||||
<a href=https://daffa.info/profile/ title=About>
|
||||
<span>About</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/blog/ title=Blog>
|
||||
<span>Blog</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/portfolio/ title=Portfolio>
|
||||
<span>Portfolio</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
|
||||
<span>Search</span>
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main class=main>
|
||||
<article class=post-single>
|
||||
<header class=post-header>
|
||||
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
|
||||
<h1 class=post-title>
|
||||
CVE-2021-24519
|
||||
</h1>
|
||||
<div class=post-description>
|
||||
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
|
||||
</div>
|
||||
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa
|
||||
</div>
|
||||
</header> <div class=toc>
|
||||
<details open>
|
||||
<summary accesskey=c title="(Alt + C)">
|
||||
<span class=details>Table of Contents</span>
|
||||
</summary>
|
||||
<div class=inner><nav id=TableOfContents>
|
||||
<ul>
|
||||
<li><a href=#description>Description</a></li>
|
||||
<li><a href=#plugin-name>Plugin Name</a></li>
|
||||
<li><a href=#affected-version>Affected Version</a></li>
|
||||
<li><a href=#fixed-version>Fixed Version</a></li>
|
||||
<li><a href=#advisory-link>Advisory Link</a></li>
|
||||
</ul>
|
||||
</nav>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
|
||||
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
|
||||
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
|
||||
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
|
||||
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
|
||||
<p><= 1.1.9</p>
|
||||
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
|
||||
<p>1.1.10</p>
|
||||
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
|
||||
<ul>
|
||||
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
|
||||
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<footer class=post-footer>
|
||||
<ul class=post-tags>
|
||||
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
|
||||
</ul>
|
||||
<nav class=paginav>
|
||||
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-23983/>
|
||||
<span class=title>« Prev</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-25618/>
|
||||
<span class=title>Next »</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
</nav>
|
||||
<div class=share-buttons>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-23984%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
|
||||
</a>
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
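Review bot: beyond the duplicated advisory (og:url, the BreadcrumbList and the share links all point at /portfolio/cve/cve-2022-23984/ while the title, headline and articleBody are CVE-2021-24519 / VikRentCar), this deleted page shows that PaperMod example placeholders were being rendered literally into production HTML: `<link rel=canonical href=https://canonical.url/to/page>`, the five icon links and the og:image/twitter:image URLs resolve to `https://daffa.info/%3Clink%20/%20abs%20url%3E` and `https://daffa.info/%3Cimage%20path/url%3E`, and the breadcrumb plus the BreadcrumbList JSON-LD label the portfolio section "Placeholder Text". A canonical link to a non-existent host tells crawlers that every such page is a copy of something else, so whatever regenerates this output should have the canonical URL, favicon asset paths, cover image and section title set to real values (or left unset so the tags are omitted) before rebuilt pages are committed; deleting the old output alone does not fix that.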
@ -1,166 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto>
|
||||
<head><meta charset=utf-8>
|
||||
<meta http-equiv=x-ua-compatible content="IE=edge">
|
||||
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
|
||||
<meta name=robots content="index, follow">
|
||||
<title>CVE-2021-24519 | Muhammad Daffa</title>
|
||||
<meta name=keywords content="cve">
|
||||
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta name=author content="Muhammad Daffa">
|
||||
<link rel=canonical href=https://canonical.url/to/page>
|
||||
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
|
||||
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
|
||||
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<meta name=theme-color content="#2e2e33">
|
||||
<meta name=msapplication-TileColor content="#2e2e33">
|
||||
<noscript>
|
||||
<style>#theme-toggle,.top-link{display:none}</style>
|
||||
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
|
||||
</noscript><meta property="og:title" content="CVE-2021-24519">
|
||||
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-25618/">
|
||||
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
|
||||
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
|
||||
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
|
||||
<meta name=twitter:card content="summary_large_image">
|
||||
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
|
||||
<meta name=twitter:title content="CVE-2021-24519">
|
||||
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-25618/"}]}</script>
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-25618/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
|
||||
</head>
|
||||
<body id=top>
|
||||
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
|
||||
<header class=header>
|
||||
<nav class=nav>
|
||||
<div class=logo>
|
||||
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
|
||||
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
|
||||
<div class=logo-switches>
|
||||
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
|
||||
</button>
|
||||
<ul class="menu hidden">
|
||||
<li>
|
||||
<a href=https://daffa.info/profile/ title=About>
|
||||
<span>About</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/blog/ title=Blog>
|
||||
<span>Blog</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/portfolio/ title=Portfolio>
|
||||
<span>Portfolio</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
|
||||
<span>Search</span>
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main class=main>
|
||||
<article class=post-single>
|
||||
<header class=post-header>
|
||||
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
|
||||
<h1 class=post-title>
|
||||
CVE-2021-24519
|
||||
</h1>
|
||||
<div class=post-description>
|
||||
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
|
||||
</div>
|
||||
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa
|
||||
</div>
|
||||
</header> <div class=toc>
|
||||
<details open>
|
||||
<summary accesskey=c title="(Alt + C)">
|
||||
<span class=details>Table of Contents</span>
|
||||
</summary>
|
||||
<div class=inner><nav id=TableOfContents>
|
||||
<ul>
|
||||
<li><a href=#description>Description</a></li>
|
||||
<li><a href=#plugin-name>Plugin Name</a></li>
|
||||
<li><a href=#affected-version>Affected Version</a></li>
|
||||
<li><a href=#fixed-version>Fixed Version</a></li>
|
||||
<li><a href=#advisory-link>Advisory Link</a></li>
|
||||
</ul>
|
||||
</nav>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
|
||||
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
|
||||
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
|
||||
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
|
||||
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
|
||||
<p><= 1.1.9</p>
|
||||
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
|
||||
<p>1.1.10</p>
|
||||
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
|
||||
<ul>
|
||||
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
|
||||
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<footer class=post-footer>
|
||||
<ul class=post-tags>
|
||||
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
|
||||
</ul>
|
||||
<nav class=paginav>
|
||||
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-23984/>
|
||||
<span class=title>« Prev</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-27844/>
|
||||
<span class=title>Next »</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
</nav>
|
||||
<div class=share-buttons>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
|
||||
</a>
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
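Review bot: the share-button URLs (`url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-25618%2f`) and the paginav links show this deleted file was the CVE-2021-24519 advisory rendered under the slug cve-2022-25618, with both the Prev (cve-2022-23984) and Next (cve-2022-27844) entries also labelled `CVE-2021-24519`, so the file was a duplicate slug of one advisory rather than distinct content; the commit message "change some pages" should say so, and the canonical cve-2021-24519 page must keep the advisory body (affected `<= 1.1.9`, fixed `1.1.10`, MITRE and WPScan links) that only exists here. Separately, the footer script `document.querySelector("#cd").innerText=(new Date).getFullYear()` targets an element that does not appear anywhere in the rendered footer (the year is hard-coded as `© 2022`), so it throws a TypeError on null in every page built from this template; if the template is still in use, add the `<span id=cd>` the theme expects or drop the call.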
@ -1,166 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto>
|
||||
<head><meta charset=utf-8>
|
||||
<meta http-equiv=x-ua-compatible content="IE=edge">
|
||||
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
|
||||
<meta name=robots content="index, follow">
|
||||
<title>CVE-2021-24519 | Muhammad Daffa</title>
|
||||
<meta name=keywords content="cve">
|
||||
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta name=author content="Muhammad Daffa">
|
||||
<link rel=canonical href=https://canonical.url/to/page>
|
||||
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
|
||||
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
|
||||
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<meta name=theme-color content="#2e2e33">
|
||||
<meta name=msapplication-TileColor content="#2e2e33">
|
||||
<noscript>
|
||||
<style>#theme-toggle,.top-link{display:none}</style>
|
||||
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
|
||||
</noscript><meta property="og:title" content="CVE-2021-24519">
|
||||
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-27844/">
|
||||
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
|
||||
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
|
||||
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
|
||||
<meta name=twitter:card content="summary_large_image">
|
||||
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
|
||||
<meta name=twitter:title content="CVE-2021-24519">
|
||||
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-27844/"}]}</script>
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-27844/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
|
||||
</head>
|
||||
<body id=top>
|
||||
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
|
||||
<header class=header>
|
||||
<nav class=nav>
|
||||
<div class=logo>
|
||||
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
|
||||
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
|
||||
<div class=logo-switches>
|
||||
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
|
||||
</button>
|
||||
<ul class="menu hidden">
|
||||
<li>
|
||||
<a href=https://daffa.info/profile/ title=About>
|
||||
<span>About</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/blog/ title=Blog>
|
||||
<span>Blog</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/portfolio/ title=Portfolio>
|
||||
<span>Portfolio</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
|
||||
<span>Search</span>
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main class=main>
|
||||
<article class=post-single>
|
||||
<header class=post-header>
|
||||
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
|
||||
<h1 class=post-title>
|
||||
CVE-2021-24519
|
||||
</h1>
|
||||
<div class=post-description>
|
||||
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
|
||||
</div>
|
||||
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa
|
||||
</div>
|
||||
</header> <div class=toc>
|
||||
<details open>
|
||||
<summary accesskey=c title="(Alt + C)">
|
||||
<span class=details>Table of Contents</span>
|
||||
</summary>
|
||||
<div class=inner><nav id=TableOfContents>
|
||||
<ul>
|
||||
<li><a href=#description>Description</a></li>
|
||||
<li><a href=#plugin-name>Plugin Name</a></li>
|
||||
<li><a href=#affected-version>Affected Version</a></li>
|
||||
<li><a href=#fixed-version>Fixed Version</a></li>
|
||||
<li><a href=#advisory-link>Advisory Link</a></li>
|
||||
</ul>
|
||||
</nav>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
|
||||
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
|
||||
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
|
||||
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
|
||||
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
|
||||
<p><= 1.1.9</p>
|
||||
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
|
||||
<p>1.1.10</p>
|
||||
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
|
||||
<ul>
|
||||
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
|
||||
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<footer class=post-footer>
|
||||
<ul class=post-tags>
|
||||
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
|
||||
</ul>
|
||||
<nav class=paginav>
|
||||
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-25618/>
|
||||
<span class=title>« Prev</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-27848/>
|
||||
<span class=title>Next »</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
</nav>
|
||||
<div class=share-buttons>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27844%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
|
||||
</a>
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
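Review bot: the `<head>` of this deleted file carries unrendered theme placeholders that the deletion does not fix on the remaining pages: `<link rel=canonical href=https://canonical.url/to/page>`, every icon href is `https://daffa.info/%3Clink%20/%20abs%20url%3E`, and `og:image` is `https://daffa.info/%3Cimage%20path/url%3E`; these are example values left in the site params, and a canonical pointing at canonical.url on every page tells search engines the whole site is a copy of another host, so set real values in config.yml or remove those params. The JSON-LD at the end of `<head>` has `"description":"Vik Rent Car "` while the meta description reads `Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)`: the structured-data description is cut at the raw `<` from the front matter, so writing it as `before 1.1.10` (or escaping it) keeps the advisory summary intact in the structured data as well. This file is the same CVE-2021-24519 content rendered at `og:url` `.../portfolio/cve/cve-2022-27844/` (the BreadcrumbList item and the share URLs agree), which confirms the deleted files are duplicate slugs of one advisory; the breadcrumb section name `Placeholder Text` for /portfolio/ is another leftover worth fixing in that section's front matter.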
@ -1,166 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto>
|
||||
<head><meta charset=utf-8>
|
||||
<meta http-equiv=x-ua-compatible content="IE=edge">
|
||||
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
|
||||
<meta name=robots content="index, follow">
|
||||
<title>CVE-2021-24519 | Muhammad Daffa</title>
|
||||
<meta name=keywords content="cve">
|
||||
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta name=author content="Muhammad Daffa">
|
||||
<link rel=canonical href=https://canonical.url/to/page>
|
||||
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
|
||||
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-27848/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-27848/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-27848/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p><= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-27844/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-33201/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-27848%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
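Review bot: the page removed in this hunk carries the wrong article for its URL, and deleting the rendered HTML only hides that. `og:url`, the BreadcrumbList `item` and every share link point at `https://daffa.info/portfolio/cve/cve-2022-27848/`, yet the `<title>`, `meta description`, `og:title`, post body and the `<= 1.1.9` / `1.1.10` version entries all describe CVE-2021-24519 (VikRentCar), and both pagination entries, Prev (`cve-2022-27844`) and Next (`cve-2022-33201`), are labelled `CVE-2021-24519` as well; that pattern means the Hugo source entries these pages were built from are copies of the CVE-2021-24519 entry that were never updated, so the source should be fixed in the same commit or the next build will regenerate identical output. The file also shows unfilled site parameters that should be corrected at the source rather than in the output: `<link rel=canonical href=https://canonical.url/to/page>`, the favicon and `og:image` hrefs `https://daffa.info/%3Clink%20/%20abs%20url%3E` and `https://daffa.info/%3Cimage%20path/url%3E` (the literal `<link / abs url>` and `<image path/url>` placeholders, URL-encoded), and the breadcrumb item `Placeholder Text`. Minor: the inline script `document.querySelector("#cd").innerText=(new Date).getFullYear()` references an element with `id=cd` that does not exist anywhere in this document (the footer hard-codes `© 2022`), so it throws a TypeError on every page load. Since the `Powered by Hugo & PaperMod` footer and the hashed `/assets/css/stylesheet.45f4…css` path mark this as generated build output, consider adding the output directory to `.gitignore` so it is not committed again.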
@ -1,166 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-33201/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-33201/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-33201/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p><= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<nav class=paginav>
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-27848/>
<span class=title>« Prev</span>
<br>
<span>CVE-2021-24519</span>
</a>
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-34347/>
<span class=title>Next »</span>
<br>
<span>CVE-2021-24519</span>
</a>
</nav>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-33201%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
|
||||
</a>
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
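Review bot: the removed file is generated site output, not source (content-hashed asset names such as `/assets/css/stylesheet.45f49f36…css` with SRI `integrity` attributes, and the minified PaperMod theme scripts at the end), so taking it out of version control is the right call; to keep it from being re-added on the next build, the generated output directory should also be listed in `.gitignore`. One inconsistency worth carrying back to the source content: every share link in this footer targets `/portfolio/cve/cve-2022-33201/`, while the `aria-label` and link text on the same anchors say `CVE-2021-24519`, which means the portfolio entry at that slug has the wrong front-matter title and will render the same mismatch when the site is rebuilt.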
@ -1,166 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto>
|
||||
<head><meta charset=utf-8>
|
||||
<meta http-equiv=x-ua-compatible content="IE=edge">
|
||||
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
|
||||
<meta name=robots content="index, follow">
|
||||
<title>CVE-2021-24519 | Muhammad Daffa</title>
|
||||
<meta name=keywords content="cve">
|
||||
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta name=author content="Muhammad Daffa">
|
||||
<link rel=canonical href=https://canonical.url/to/page>
|
||||
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
|
||||
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
|
||||
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<meta name=theme-color content="#2e2e33">
|
||||
<meta name=msapplication-TileColor content="#2e2e33">
|
||||
<noscript>
|
||||
<style>#theme-toggle,.top-link{display:none}</style>
|
||||
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
|
||||
</noscript><meta property="og:title" content="CVE-2021-24519">
|
||||
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-34347/">
|
||||
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
|
||||
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
|
||||
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
|
||||
<meta name=twitter:card content="summary_large_image">
|
||||
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
|
||||
<meta name=twitter:title content="CVE-2021-24519">
|
||||
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-34347/"}]}</script>
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-34347/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
|
||||
</head>
|
||||
<body id=top>
|
||||
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
|
||||
<header class=header>
|
||||
<nav class=nav>
|
||||
<div class=logo>
|
||||
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
|
||||
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
|
||||
<div class=logo-switches>
|
||||
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
|
||||
</button>
|
||||
<ul class="menu hidden">
|
||||
<li>
|
||||
<a href=https://daffa.info/profile/ title=About>
|
||||
<span>About</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/blog/ title=Blog>
|
||||
<span>Blog</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/portfolio/ title=Portfolio>
|
||||
<span>Portfolio</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
|
||||
<span>Search</span>
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main class=main>
|
||||
<article class=post-single>
|
||||
<header class=post-header>
|
||||
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
|
||||
<h1 class=post-title>
|
||||
CVE-2021-24519
|
||||
</h1>
|
||||
<div class=post-description>
|
||||
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
|
||||
</div>
|
||||
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa
|
||||
</div>
|
||||
</header> <div class=toc>
|
||||
<details open>
|
||||
<summary accesskey=c title="(Alt + C)">
|
||||
<span class=details>Table of Contents</span>
|
||||
</summary>
|
||||
<div class=inner><nav id=TableOfContents>
|
||||
<ul>
|
||||
<li><a href=#description>Description</a></li>
|
||||
<li><a href=#plugin-name>Plugin Name</a></li>
|
||||
<li><a href=#affected-version>Affected Version</a></li>
|
||||
<li><a href=#fixed-version>Fixed Version</a></li>
|
||||
<li><a href=#advisory-link>Advisory Link</a></li>
|
||||
</ul>
|
||||
</nav>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
|
||||
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
|
||||
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
|
||||
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
|
||||
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
|
||||
<p><= 1.1.9</p>
|
||||
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
|
||||
<p>1.1.10</p>
|
||||
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
|
||||
<ul>
|
||||
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
|
||||
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<footer class=post-footer>
|
||||
<ul class=post-tags>
|
||||
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
|
||||
</ul>
|
||||
<nav class=paginav>
|
||||
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-33201/>
|
||||
<span class=title>« Prev</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-36282/>
|
||||
<span class=title>Next »</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
</nav>
|
||||
<div class=share-buttons>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-34347%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
|
||||
</a>
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
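Review bot: several `<head>` values in this file are unfilled template defaults that should be corrected in `config.yml` rather than only dropped with the output: `<link rel=canonical href=https://canonical.url/to/page>` points crawlers at a domain the site does not control, the icon links (`rel=icon`, `apple-touch-icon`, `mask-icon`) and `og:image` all resolve to the literal placeholder `https://daffa.info/%3Clink%20/%20abs%20url%3E`, and the breadcrumb and BreadcrumbList JSON-LD name the portfolio section "Placeholder Text". The page is also internally inconsistent: the title is `CVE-2021-24519` but `og:url`, the JSON-LD `mainEntityOfPage` and the share links all use `/portfolio/cve/cve-2022-34347/`, and both `paginav` neighbours are labelled `CVE-2021-24519`, so the source entries for these slugs share one title. Finally, the footer script `document.querySelector("#cd").innerText=(new Date).getFullYear()` has no matching `id=cd` element anywhere in this output (the copyright line is hard-coded as `© 2022`), so it throws on every page load; if the theme footer is customised, either add the element or drop that statement.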
@ -1,166 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto>
|
||||
<head><meta charset=utf-8>
|
||||
<meta http-equiv=x-ua-compatible content="IE=edge">
|
||||
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
|
||||
<meta name=robots content="index, follow">
|
||||
<title>CVE-2021-24519 | Muhammad Daffa</title>
|
||||
<meta name=keywords content="cve">
|
||||
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta name=author content="Muhammad Daffa">
|
||||
<link rel=canonical href=https://canonical.url/to/page>
|
||||
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
|
||||
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
|
||||
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<meta name=theme-color content="#2e2e33">
|
||||
<meta name=msapplication-TileColor content="#2e2e33">
|
||||
<noscript>
|
||||
<style>#theme-toggle,.top-link{display:none}</style>
|
||||
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
|
||||
</noscript><meta property="og:title" content="CVE-2021-24519">
|
||||
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-36282/">
|
||||
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
|
||||
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
|
||||
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
|
||||
<meta name=twitter:card content="summary_large_image">
|
||||
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
|
||||
<meta name=twitter:title content="CVE-2021-24519">
|
||||
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-36282/"}]}</script>
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-36282/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
|
||||
</head>
|
||||
<body id=top>
|
||||
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
|
||||
<header class=header>
|
||||
<nav class=nav>
|
||||
<div class=logo>
|
||||
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
|
||||
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
|
||||
<div class=logo-switches>
|
||||
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
|
||||
</button>
|
||||
<ul class="menu hidden">
|
||||
<li>
|
||||
<a href=https://daffa.info/profile/ title=About>
|
||||
<span>About</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/blog/ title=Blog>
|
||||
<span>Blog</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/portfolio/ title=Portfolio>
|
||||
<span>Portfolio</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
|
||||
<span>Search</span>
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main class=main>
|
||||
<article class=post-single>
|
||||
<header class=post-header>
|
||||
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
|
||||
<h1 class=post-title>
|
||||
CVE-2021-24519
|
||||
</h1>
|
||||
<div class=post-description>
|
||||
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
|
||||
</div>
|
||||
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa
|
||||
</div>
|
||||
</header> <div class=toc>
|
||||
<details open>
|
||||
<summary accesskey=c title="(Alt + C)">
|
||||
<span class=details>Table of Contents</span>
|
||||
</summary>
|
||||
<div class=inner><nav id=TableOfContents>
|
||||
<ul>
|
||||
<li><a href=#description>Description</a></li>
|
||||
<li><a href=#plugin-name>Plugin Name</a></li>
|
||||
<li><a href=#affected-version>Affected Version</a></li>
|
||||
<li><a href=#fixed-version>Fixed Version</a></li>
|
||||
<li><a href=#advisory-link>Advisory Link</a></li>
|
||||
</ul>
|
||||
</nav>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
|
||||
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
|
||||
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
|
||||
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
|
||||
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
|
||||
<p><= 1.1.9</p>
|
||||
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
|
||||
<p>1.1.10</p>
|
||||
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
|
||||
<ul>
|
||||
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
|
||||
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<footer class=post-footer>
|
||||
<ul class=post-tags>
|
||||
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
|
||||
</ul>
|
||||
<nav class=paginav>
|
||||
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-34347/>
|
||||
<span class=title>« Prev</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
<a class=next href=https://daffa.info/portfolio/cve/cve-2022-36346/>
|
||||
<span class=title>Next »</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
</nav>
|
||||
<div class=share-buttons>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36282%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
|
||||
</a>
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
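Review bot: the generated page at /portfolio/cve/cve-2022-36282/ (the mainEntityOfPage @id and every share URL) carries the CVE-2021-24519 headline, description and body, so the built output did not match its path; deleting the stale artifact is right, but confirm the source content file is corrected as well, otherwise the next build reproduces the same mismatch. Two smaller problems in the same output are worth fixing at the config/template level rather than just removing the file: the JSON-LD image and publisher logo are literal placeholders (`https://daffa.info/%3Cimage%20path/url%3E`, `https://daffa.info/%3Clink%20/%20abs%20url%3E`), and the footer script calls `document.querySelector("#cd").innerText=...` although no element with id `cd` exists anywhere in the page, which throws a TypeError on every load.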
@ -1,161 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto>
|
||||
<head><meta charset=utf-8>
|
||||
<meta http-equiv=x-ua-compatible content="IE=edge">
|
||||
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
|
||||
<meta name=robots content="index, follow">
|
||||
<title>CVE-2021-24519 | Muhammad Daffa</title>
|
||||
<meta name=keywords content="cve">
|
||||
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta name=author content="Muhammad Daffa">
|
||||
<link rel=canonical href=https://canonical.url/to/page>
|
||||
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
|
||||
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
|
||||
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<meta name=theme-color content="#2e2e33">
|
||||
<meta name=msapplication-TileColor content="#2e2e33">
|
||||
<noscript>
|
||||
<style>#theme-toggle,.top-link{display:none}</style>
|
||||
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
|
||||
</noscript><meta property="og:title" content="CVE-2021-24519">
|
||||
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="og:url" content="https://daffa.info/portfolio/cve/cve-2022-36346/">
|
||||
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="portfolio">
|
||||
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
|
||||
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
|
||||
<meta name=twitter:card content="summary_large_image">
|
||||
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
|
||||
<meta name=twitter:title content="CVE-2021-24519">
|
||||
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"},{"@type":"ListItem","position":3,"name":"CVE-2021-24519","item":"https://daffa.info/portfolio/cve/cve-2022-36346/"}]}</script>
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/portfolio/cve/cve-2022-36346/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
|
||||
</head>
|
||||
<body id=top>
|
||||
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
|
||||
<header class=header>
|
||||
<nav class=nav>
|
||||
<div class=logo>
|
||||
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
|
||||
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
|
||||
<div class=logo-switches>
|
||||
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
|
||||
</button>
|
||||
<ul class="menu hidden">
|
||||
<li>
|
||||
<a href=https://daffa.info/profile/ title=About>
|
||||
<span>About</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/blog/ title=Blog>
|
||||
<span>Blog</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/portfolio/ title=Portfolio>
|
||||
<span>Portfolio</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
|
||||
<span>Search</span>
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main class=main>
|
||||
<article class=post-single>
|
||||
<header class=post-header>
|
||||
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/portfolio/>Placeholder Text</a> » <a href=https://daffa.info/portfolio/cve/>CVEs</a></div>
|
||||
<h1 class=post-title>
|
||||
CVE-2021-24519
|
||||
</h1>
|
||||
<div class=post-description>
|
||||
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
|
||||
</div>
|
||||
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa
|
||||
</div>
|
||||
</header> <div class=toc>
|
||||
<details open>
|
||||
<summary accesskey=c title="(Alt + C)">
|
||||
<span class=details>Table of Contents</span>
|
||||
</summary>
|
||||
<div class=inner><nav id=TableOfContents>
|
||||
<ul>
|
||||
<li><a href=#description>Description</a></li>
|
||||
<li><a href=#plugin-name>Plugin Name</a></li>
|
||||
<li><a href=#affected-version>Affected Version</a></li>
|
||||
<li><a href=#fixed-version>Fixed Version</a></li>
|
||||
<li><a href=#advisory-link>Advisory Link</a></li>
|
||||
</ul>
|
||||
</nav>
|
||||
</div>
|
||||
</details>
|
||||
</div>
|
||||
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
|
||||
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
|
||||
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
|
||||
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
|
||||
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
|
||||
<p><= 1.1.9</p>
|
||||
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
|
||||
<p>1.1.10</p>
|
||||
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
|
||||
<ul>
|
||||
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
|
||||
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<footer class=post-footer>
|
||||
<ul class=post-tags>
|
||||
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
|
||||
</ul>
|
||||
<nav class=paginav>
|
||||
<a class=prev href=https://daffa.info/portfolio/cve/cve-2022-36282/>
|
||||
<span class=title>« Prev</span>
|
||||
<br>
|
||||
<span>CVE-2021-24519</span>
|
||||
</a>
|
||||
</nav>
|
||||
<div class=share-buttons>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fportfolio%2fcve%2fcve-2022-36346%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
</a>
</div>
</footer>
</article>
</main>
<footer class=footer>
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
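Review bot: the share links at the top of this hunk are labelled and titled CVE-2021-24519 but point at https://daffa.info/portfolio/cve/cve-2022-36346/, so the page being removed was built from a content file whose title was copied from another entry; deleting the generated HTML does not fix that, so confirm the cve-2022-36346 content file gets its own title before the site is rebuilt. Separately, the first footer script does document.querySelector("#cd").innerText=(new Date).getFullYear(), but no element with id cd appears in the footer shown here (the year is hardcoded in the © 2022 span); if none exists elsewhere on the page, that statement throws a TypeError on load, so check whether the theme version producing the current output still emits it.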
@ -1,172 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVEs | Muhammad Daffa</title>
<meta name=keywords content>
<meta name=description content="List of all my CVEs">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://daffa.info/portfolio/cve/>
<link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<link rel=alternate type=application/rss+xml href=https://daffa.info/portfolio/cve/index.xml>
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVEs">
<meta property="og:description" content="Portfolio by Muhammad Daffa">
<meta property="og:type" content="website">
<meta property="og:url" content="https://daffa.info/portfolio/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
<meta name=twitter:title content="CVEs">
<meta name=twitter:description content="Portfolio by Muhammad Daffa">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Placeholder Text","item":"https://daffa.info/portfolio/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://daffa.info/portfolio/cve/"}]}</script>
</head>
<body class=list id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<button id=menu-trigger aria-haspopup=menu aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg>
</button>
<ul class="menu hidden">
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/portfolio/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/>
<span>Search</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<header class=page-header>
<h1>CVEs</h1>
</header>
<div class=archive-year>
<h2 class=archive-year-header>2021<sup class=archive-count> 12</sup>
</h2>
<div class=archive-month>
<h3 class=archive-month-header>July<sup class=archive-count> 12</sup></h3>
<div class=archive-posts>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24561
</h3>
<div class=archive-meta><span title="2021-07-26 11:30:03 +0000 UTC">July 26, 2021</span> · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24561" href=https://daffa.info/portfolio/cve/cve-2021-24561/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24531
</h3>
<div class=archive-meta><span title="2021-07-21 11:30:03 +0000 UTC">July 21, 2021</span> · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24531" href=https://daffa.info/portfolio/cve/cve-2021-24531/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2021-24519/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-23983/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-23984/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-25618/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-27844/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-27848/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-33201/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-34347/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-36282/></a>
</div>
<div class=archive-entry>
<h3 class=archive-entry-title>CVE-2021-24519
</h3>
<div class=archive-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa</div>
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/portfolio/cve/cve-2022-36346/></a>
</div>
</div>
</div>
</div>
</main>
<footer class=footer>
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>
Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
</span>
</footer>
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
</a>
<script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(a){b.contains(a.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script>
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
</body>
</html>
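Review bot: nine of the twelve archive entries in this deleted index share the title CVE-2021-24519, the date July 19, 2021 and the "1 min · 61 words" reading time while their entry-link hrefs point at cve-2022-23983 through cve-2022-36346, and those 2022 identifiers are filed under the 2021 archive year. That is copied front matter in the source content, not a rendering issue, so removing the generated HTML alone will reproduce it on the next build; give each cve-2022-* content file its own title and date. The icon, apple-touch-icon and mask-icon hrefs are the literal PaperMod sample value (%3Clink%20/%20abs%20url%3E), og:image and twitter:image carry the sample image placeholder, the BreadcrumbList item is named "Placeholder Text", and <meta name=keywords content> is empty; set real asset paths in config.yml or drop those params so the regenerated pages do not ship placeholders.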
@ -1,122 +0,0 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>CVEs on Muhammad Daffa</title>
<link>https://daffa.info/portfolio/cve/</link>
<description>Recent content in CVEs on Muhammad Daffa</description>
<image>
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<lastBuildDate>Mon, 26 Jul 2021 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/portfolio/cve/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>CVE-2021-24561</title>
<link>https://daffa.info/portfolio/cve/cve-2021-24561/</link>
<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2021-24561/</guid>
<description>WP SMS &lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
</item>

<item>
<title>CVE-2021-24531</title>
<link>https://daffa.info/portfolio/cve/cve-2021-24531/</link>
<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2021-24531/</guid>
<description>Charitable - Donation Plugin &lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2021-24519/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2021-24519/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-23983/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2022-23983/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-23984/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2022-23984/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-25618/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2022-25618/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-27844/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2022-27844/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-27848/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2022-27848/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-33201/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2022-33201/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-34347/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2022-34347/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-36282/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2022-36282/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

<item>
<title>CVE-2021-24519</title>
<link>https://daffa.info/portfolio/cve/cve-2022-36346/</link>
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>

<guid>https://daffa.info/portfolio/cve/cve-2022-36346/</guid>
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
</item>

</channel>
</rss>
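Review bot: this feed carries the same copied metadata as the HTML index: every item linking to cve-2022-23983 through cve-2022-36346 has <title>CVE-2021-24519</title>, the Vik Rent Car description and the 19 Jul 2021 pubDate, so a feed reader would show nine identical entries for nine different CVEs, and the <image> url and link are the sample placeholder URL. The per-CVE title, description and date belong in each source content file, and the regenerated index.xml should be checked for the same duplication before it is committed.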
File diff suppressed because one or more lines are too long
@ -9,6 +9,7 @@
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
</image>
<generator>Hugo -- gohugo.io</generator>
<language>en</language>
<lastBuildDate>Sat, 09 Mar 2019 00:00:00 +0000</lastBuildDate><atom:link href="https://daffa.info/portfolio/index.xml" rel="self" type="application/rss+xml" />
</channel>
</rss>
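Review bot: the added <language>en</language> is the expected output once languageCode is set in the site config, but the unchanged context around it still emits the <image> url and link as the literal sample placeholder (%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E), and lastBuildDate reads Sat, 09 Mar 2019, earlier than every CVE post date in the sibling feed; set the images param to a real path and check the portfolio section's content dates before relying on this feed.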
@ -1,151 +0,0 @@
<!doctype html><html lang=en dir=auto>
<head><meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
<meta name=robots content="index, follow">
<title>CVE-2021-24519 | Muhammad Daffa</title>
<meta name=keywords content="cve">
<meta name=description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta name=author content="Muhammad Daffa">
<link rel=canonical href=https://canonical.url/to/page>
<link crossorigin=anonymous href=/assets/css/stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css integrity="sha256-vBFJ9KcqpIWNOp9xRi915YhP/oBz6p1tV2HVZj1lHiA=" rel="preload stylesheet" as=style>
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
<meta name=theme-color content="#2e2e33">
<meta name=msapplication-TileColor content="#2e2e33">
<noscript>
<style>#theme-toggle,.top-link{display:none}</style>
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
</noscript><meta property="og:title" content="CVE-2021-24519">
<meta property="og:description" content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<meta property="og:type" content="article">
<meta property="og:url" content="https://daffa.info/posts/cve-2021-24519/">
<meta property="og:image" content="https://daffa.info/%3Cimage%20path/url%3E"><meta property="article:section" content="posts">
<meta property="article:published_time" content="2021-07-19T11:30:03+00:00">
<meta property="article:modified_time" content="2021-07-19T11:30:03+00:00"><meta property="og:site_name" content="Muhammad Daffa">
<meta name=twitter:card content="summary_large_image">
<meta name=twitter:image content="https://daffa.info/%3Cimage%20path/url%3E">
<meta name=twitter:title content="CVE-2021-24519">
<meta name=twitter:description content="Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)">
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://daffa.info/posts/"},{"@type":"ListItem","position":2,"name":"CVE-2021-24519","item":"https://daffa.info/posts/cve-2021-24519/"}]}</script>
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE-2021-24519","name":"CVE-2021-24519","description":"Vik Rent Car ","keywords":["cve"],"articleBody":"Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue\nPlugin Name VikRentCar\nAffected Version Fixed Version 1.1.10\nAdvisory Link MITRE WPScan ","wordCount":"61","inLanguage":"en","image":"https://daffa.info/%3Cimage%20path/url%3E","datePublished":"2021-07-19T11:30:03Z","dateModified":"2021-07-19T11:30:03Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/posts/cve-2021-24519/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
</head>
<body id=top>
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
<header class=header>
<nav class=nav>
<div class=logo>
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
<div class=logo-switches>
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
</button>
</div>
</div>
<ul id=menu>
<li>
<a href=https://daffa.info/profile/ title=About>
<span>About</span>
</a>
</li>
<li>
<a href=https://daffa.info/blog/ title=Blog>
<span>Blog</span>
</a>
</li>
<li>
<a href=https://daffa.info/cve/ title=Portfolio>
<span>Portfolio</span>
</a>
</li>
<li>
<a href=mailto:muhammaddaffa.info@gmail.com title="Contact Me">
<span>Contact Me</span>
</a>
</li>
</ul>
</nav>
</header>
<main class=main>
<article class=post-single>
<header class=post-header>
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/posts/>Posts</a></div>
<h1 class=post-title>
CVE-2021-24519
</h1>
<div class=post-description>
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
</div>
<div class=post-meta><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa
</div>
</header> <div class=toc>
<details open>
<summary accesskey=c title="(Alt + C)">
<span class=details>Table of Contents</span>
</summary>
<div class=inner><nav id=TableOfContents>
<ul>
<li><a href=#description>Description</a></li>
<li><a href=#plugin-name>Plugin Name</a></li>
<li><a href=#affected-version>Affected Version</a></li>
<li><a href=#fixed-version>Fixed Version</a></li>
<li><a href=#advisory-link>Advisory Link</a></li>
</ul>
</nav>
</div>
</details>
</div>
<div class=post-content><h2 id=description>Description<a hidden class=anchor aria-hidden=true href=#description>#</a></h2>
<p>The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue</p>
<h2 id=plugin-name>Plugin Name<a hidden class=anchor aria-hidden=true href=#plugin-name>#</a></h2>
<p><a href=https://wordpress.org/plugins/vikrentcar/>VikRentCar</a></p>
<h2 id=affected-version>Affected Version<a hidden class=anchor aria-hidden=true href=#affected-version>#</a></h2>
<p><= 1.1.9</p>
<h2 id=fixed-version>Fixed Version<a hidden class=anchor aria-hidden=true href=#fixed-version>#</a></h2>
<p>1.1.10</p>
<h2 id=advisory-link>Advisory Link<a hidden class=anchor aria-hidden=true href=#advisory-link>#</a></h2>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24519">MITRE</a></li>
<li><a href=https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c>WPScan</a></li>
</ul>
</div>
<footer class=post-footer>
<ul class=post-tags>
<li><a href=https://daffa.info/tags/cve/>cve</a></li>
</ul>
<div class=share-buttons>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on twitter" href="https://twitter.com/intent/tweet/?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f&hashtags=cve"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
</a>
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f&title=CVE-2021-24519&summary=CVE-2021-24519&source=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f&title=CVE-2021-24519"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on whatsapp" href="https://api.whatsapp.com/send?text=CVE-2021-24519%20-%20https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE-2021-24519 on telegram" href="https://telegram.me/share/url?text=CVE-2021-24519&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24519%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
|
||||
</a>
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
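Review bot: the lines removed in this hunk are rendered Hugo/PaperMod output (fingerprinted `/assets/css/...` and `/assets/js/...` URLs, share-button markup, inline theme-toggle and scroll scripts) rather than the post's source, so the deletion of `https://daffa.info/posts/cve-2021-24519/` gives a reviewer no way to tell whether the CVE-2021-24519 write-up itself changed or was only re-rendered; if the site is built from Markdown sources, keep the generated directory out of version control (ignore it and build in CI) so content commits show only the source edit, and add a redirect for the old URL, since external references to the advisory page will otherwise start returning 404.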
@ -1,116 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto>
|
||||
<head><meta charset=utf-8>
|
||||
<meta http-equiv=x-ua-compatible content="IE=edge">
|
||||
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
|
||||
<meta name=robots content="index, follow">
|
||||
<title>CVE 2021 24561 | Muhammad Daffa</title>
|
||||
<meta name=keywords content>
|
||||
<meta name=description content="CVE 2021 24561 - Muhammad Daffa">
|
||||
<meta name=author content="Muhammad Daffa">
|
||||
<link rel=canonical href=https://daffa.info/posts/cve-2021-24561/>
|
||||
<link crossorigin=anonymous href=/assets/css/stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css integrity="sha256-vBFJ9KcqpIWNOp9xRi915YhP/oBz6p1tV2HVZj1lHiA=" rel="preload stylesheet" as=style>
|
||||
<script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
|
||||
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<meta name=theme-color content="#2e2e33">
|
||||
<meta name=msapplication-TileColor content="#2e2e33">
|
||||
<noscript>
|
||||
<style>#theme-toggle,.top-link{display:none}</style>
|
||||
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
|
||||
</noscript><meta property="og:title" content="CVE 2021 24561">
|
||||
<meta property="og:description" content>
|
||||
<meta property="og:type" content="article">
|
||||
<meta property="og:url" content="https://daffa.info/posts/cve-2021-24561/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="article:section" content="posts">
|
||||
<meta property="article:published_time" content="2022-09-09T17:01:20+00:00">
|
||||
<meta property="article:modified_time" content="2022-09-09T17:01:20+00:00"><meta property="og:site_name" content="Muhammad Daffa">
|
||||
<meta name=twitter:card content="summary_large_image">
|
||||
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
|
||||
<meta name=twitter:title content="CVE 2021 24561">
|
||||
<meta name=twitter:description content>
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://daffa.info/posts/"},{"@type":"ListItem","position":2,"name":"CVE 2021 24561","item":"https://daffa.info/posts/cve-2021-24561/"}]}</script>
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"CVE 2021 24561","name":"CVE 2021 24561","description":"","keywords":[],"articleBody":"","wordCount":"0","inLanguage":"en","datePublished":"2022-09-09T17:01:20Z","dateModified":"2022-09-09T17:01:20Z","author":{"@type":"Person","name":"Muhammad Daffa"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://daffa.info/posts/cve-2021-24561/"},"publisher":{"@type":"Organization","name":"Muhammad Daffa","logo":{"@type":"ImageObject","url":"https://daffa.info/%3Clink%20/%20abs%20url%3E"}}}</script>
|
||||
</head>
|
||||
<body id=top>
|
||||
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
|
||||
<header class=header>
|
||||
<nav class=nav>
|
||||
<div class=logo>
|
||||
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
|
||||
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
|
||||
<div class=logo-switches>
|
||||
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
<ul id=menu>
|
||||
<li>
|
||||
<a href=https://daffa.info/profile/ title=About>
|
||||
<span>About</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/blog/ title=Blog>
|
||||
<span>Blog</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/cve/ title=Portfolio>
|
||||
<span>Portfolio</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=mailto:muhammaddaffa.info@gmail.com title="Contact Me">
|
||||
<span>Contact Me</span>
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main class=main>
|
||||
<article class=post-single>
|
||||
<header class=post-header>
|
||||
<div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/posts/>Posts</a></div>
|
||||
<h1 class=post-title>
|
||||
CVE 2021 24561<sup><span class=entry-isdraft> [draft]</span></sup>
|
||||
</h1>
|
||||
<div class=post-meta><span title="2022-09-09 17:01:20 +0000 UTC">September 9, 2022</span> · 0 min · 0 words · Muhammad Daffa
|
||||
</div>
|
||||
</header>
|
||||
<footer class=post-footer>
|
||||
<ul class=post-tags>
|
||||
</ul>
|
||||
<div class=share-buttons>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on twitter" href="https://twitter.com/intent/tweet/?text=CVE%202021%2024561&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f&hashtags="><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM195.519 424.544c135.939.0 210.268-112.643 210.268-210.268.0-3.218.0-6.437-.153-9.502 14.406-10.421 26.973-23.448 36.935-38.314-13.18 5.824-27.433 9.809-42.452 11.648 15.326-9.196 26.973-23.602 32.49-40.92-14.252 8.429-30.038 14.56-46.896 17.931-13.487-14.406-32.644-23.295-53.946-23.295-40.767.0-73.87 33.104-73.87 73.87.0 5.824.613 11.494 1.992 16.858-61.456-3.065-115.862-32.49-152.337-77.241-6.284 10.881-9.962 23.601-9.962 37.088.0 25.594 13.027 48.276 32.95 61.456-12.107-.307-23.448-3.678-33.41-9.196v.92c0 35.862 25.441 65.594 59.311 72.49-6.13 1.686-12.72 2.606-19.464 2.606-4.751.0-9.348-.46-13.946-1.38 9.349 29.426 36.628 50.728 68.965 51.341-25.287 19.771-57.164 31.571-91.8 31.571-5.977.0-11.801-.306-17.625-1.073 32.337 21.15 71.264 33.41 112.95 33.41z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f&title=CVE%202021%2024561&summary=CVE%202021%2024561&source=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM160.461 423.278V197.561h-75.04v225.717h75.04zm270.539.0V293.839c0-69.333-37.018-101.586-86.381-101.586-39.804.0-57.634 21.891-67.617 37.266v-31.958h-75.021c.995 21.181.0 225.717.0 225.717h75.02V297.222c0-6.748.486-13.492 2.474-18.315 5.414-13.475 17.767-27.434 38.494-27.434 27.135.0 38.007 20.707 38.007 51.037v120.768H431zM123.448 88.722C97.774 88.722 81 105.601 81 127.724c0 21.658 16.264 39.002 41.455 39.002h.484c26.165.0 42.452-17.344 42.452-39.002-.485-22.092-16.241-38.954-41.943-39.002z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on reddit" href="https://reddit.com/submit?url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f&title=CVE%202021%2024561"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zM446 265.638c0-22.964-18.616-41.58-41.58-41.58-11.211.0-21.361 4.457-28.841 11.666-28.424-20.508-67.586-33.757-111.204-35.278l18.941-89.121 61.884 13.157c.756 15.734 13.642 28.29 29.56 28.29 16.407.0 29.706-13.299 29.706-29.701.0-16.403-13.299-29.702-29.706-29.702-11.666.0-21.657 6.792-26.515 16.578l-69.105-14.69c-1.922-.418-3.939-.042-5.585 1.036-1.658 1.073-2.811 2.761-3.224 4.686l-21.152 99.438c-44.258 1.228-84.046 14.494-112.837 35.232-7.468-7.164-17.589-11.591-28.757-11.591-22.965.0-41.585 18.616-41.585 41.58.0 16.896 10.095 31.41 24.568 37.918-.639 4.135-.99 8.328-.99 12.576.0 63.977 74.469 115.836 166.33 115.836s166.334-51.859 166.334-115.836c0-4.218-.347-8.387-.977-12.493 14.564-6.47 24.735-21.034 24.735-38.001zM326.526 373.831c-20.27 20.241-59.115 21.816-70.534 21.816-11.428.0-50.277-1.575-70.522-21.82-3.007-3.008-3.007-7.882.0-10.889 3.003-2.999 7.882-3.003 10.885.0 12.777 12.781 40.11 17.317 59.637 17.317 19.522.0 46.86-4.536 59.657-17.321 3.016-2.999 7.886-2.995 10.885.008 3.008 3.011 3.003 7.882-.008 10.889zm-5.23-48.781c-16.373.0-29.701-13.324-29.701-29.698.0-16.381 13.328-29.714 29.701-29.714 16.378.0 29.706 13.333 29.706 29.714.0 16.374-13.328 29.698-29.706 29.698zM160.91 295.348c0-16.381 13.328-29.71 29.714-29.71 16.369.0 29.689 13.329 29.689 29.71.0 16.373-13.32 29.693-29.689 29.693-16.386.0-29.714-13.32-29.714-29.693z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on facebook" href="https://facebook.com/sharer/sharer.php?u=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H342.978V319.085h66.6l12.672-82.621h-79.272v-53.617c0-22.603 11.073-44.636 46.58-44.636H425.6v-70.34s-32.71-5.582-63.982-5.582c-65.288.0-107.96 39.569-107.96 111.204v62.971h-72.573v82.621h72.573V512h-191.104c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on whatsapp" href="https://api.whatsapp.com/send?text=CVE%202021%2024561%20-%20https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="0 0 512 512" height="30" width="30" fill="currentcolor"><path d="M449.446.0C483.971.0 512 28.03 512 62.554v386.892C512 483.97 483.97 512 449.446 512H62.554c-34.524.0-62.554-28.03-62.554-62.554V62.554c0-34.524 28.029-62.554 62.554-62.554h386.892zm-58.673 127.703c-33.842-33.881-78.847-52.548-126.798-52.568-98.799.0-179.21 80.405-179.249 179.234-.013 31.593 8.241 62.428 23.927 89.612l-25.429 92.884 95.021-24.925c26.181 14.28 55.659 21.807 85.658 21.816h.074c98.789.0 179.206-80.413 179.247-179.243.018-47.895-18.61-92.93-52.451-126.81zM263.976 403.485h-.06c-26.734-.01-52.954-7.193-75.828-20.767l-5.441-3.229-56.386 14.792 15.05-54.977-3.542-5.637c-14.913-23.72-22.791-51.136-22.779-79.287.033-82.142 66.867-148.971 149.046-148.971 39.793.014 77.199 15.531 105.329 43.692 28.128 28.16 43.609 65.592 43.594 105.4-.034 82.149-66.866 148.983-148.983 148.984zm81.721-111.581c-4.479-2.242-26.499-13.075-30.604-14.571-4.105-1.495-7.091-2.241-10.077 2.241-2.986 4.483-11.569 14.572-14.182 17.562-2.612 2.988-5.225 3.364-9.703 1.12-4.479-2.241-18.91-6.97-36.017-22.23C231.8 264.15 222.81 249.484 220.198 245s-.279-6.908 1.963-9.14c2.016-2.007 4.48-5.232 6.719-7.847 2.24-2.615 2.986-4.484 4.479-7.472 1.493-2.99.747-5.604-.374-7.846-1.119-2.241-10.077-24.288-13.809-33.256-3.635-8.733-7.327-7.55-10.077-7.688-2.609-.13-5.598-.158-8.583-.158-2.986.0-7.839 1.121-11.944 5.604-4.105 4.484-15.675 15.32-15.675 37.364.0 22.046 16.048 43.342 18.287 46.332 2.24 2.99 31.582 48.227 76.511 67.627 10.685 4.615 19.028 7.371 25.533 9.434 10.728 3.41 20.492 2.929 28.209 1.775 8.605-1.285 26.499-10.833 30.231-21.295 3.732-10.464 3.732-19.431 2.612-21.298-1.119-1.869-4.105-2.99-8.583-5.232z"/></svg>
|
||||
</a>
|
||||
<a target=_blank rel="noopener noreferrer" aria-label="share CVE 2021 24561 on telegram" href="https://telegram.me/share/url?text=CVE%202021%2024561&url=https%3a%2f%2fdaffa.info%2fposts%2fcve-2021-24561%2f"><svg viewBox="2 2 28 28" height="30" width="30" fill="currentcolor"><path d="M26.49 29.86H5.5a3.37 3.37.0 01-2.47-1 3.35 3.35.0 01-1-2.47V5.48A3.36 3.36.0 013 3 3.37 3.37.0 015.5 2h21A3.38 3.38.0 0129 3a3.36 3.36.0 011 2.46V26.37a3.35 3.35.0 01-1 2.47 3.38 3.38.0 01-2.51 1.02zm-5.38-6.71a.79.79.0 00.85-.66L24.73 9.24a.55.55.0 00-.18-.46.62.62.0 00-.41-.17q-.08.0-16.53 6.11a.59.59.0 00-.41.59.57.57.0 00.43.52l4 1.24 1.61 4.83a.62.62.0 00.63.43.56.56.0 00.4-.17L16.54 20l4.09 3A.9.9.0 0021.11 23.15zM13.8 20.71l-1.21-4q8.72-5.55 8.78-5.55c.15.0.23.0.23.16a.18.18.0 010 .06s-2.51 2.3-7.52 6.8z"/></svg>
|
||||
</a>
|
||||
</div>
|
||||
</footer>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
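Review bot: the page removed here is a draft (`[draft]` marker in the `<h1>`, `0 min · 0 words`, `"articleBody":""` in the JSON-LD) that was nonetheless rendered into the public output with `<meta name=robots content="index, follow">` and a canonical URL, which means the site was built with drafts enabled (Hugo's `buildDrafts` / `-D`); deleting the rendered file is correct, but the build setting that produced it needs fixing too, or the next build re-publishes whatever draft exists at the time, and a draft titled after a CVE is exactly the page that should not be indexable before it is ready. Separately, the favicon and `og:image` hrefs are the literal PaperMod placeholders URL-encoded (`%3Clink%20/%20abs%20url%3E`, `%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E`), so those config values were never filled in.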
@ -1,118 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto>
|
||||
<head><meta charset=utf-8>
|
||||
<meta http-equiv=x-ua-compatible content="IE=edge">
|
||||
<meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no">
|
||||
<meta name=robots content="index, follow">
|
||||
<title>Posts | Muhammad Daffa</title>
|
||||
<meta name=keywords content>
|
||||
<meta name=description content="Posts - Muhammad Daffa">
|
||||
<meta name=author content="Muhammad Daffa">
|
||||
<link rel=canonical href=https://daffa.info/posts/>
|
||||
<link crossorigin=anonymous href=/assets/css/stylesheet.bc1149f4a72aa4858d3a9f71462f75e5884ffe8073ea9d6d5761d5663d651e20.css integrity="sha256-vBFJ9KcqpIWNOp9xRi915YhP/oBz6p1tV2HVZj1lHiA=" rel="preload stylesheet" as=style>
|
||||
<link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E>
|
||||
<meta name=theme-color content="#2e2e33">
|
||||
<meta name=msapplication-TileColor content="#2e2e33">
|
||||
<link rel=alternate type=application/rss+xml href=https://daffa.info/posts/index.xml>
|
||||
<noscript>
|
||||
<style>#theme-toggle,.top-link{display:none}</style>
|
||||
<style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style>
|
||||
</noscript><meta property="og:title" content="Posts">
|
||||
<meta property="og:description" content="Portfolio by Muhammad Daffa">
|
||||
<meta property="og:type" content="website">
|
||||
<meta property="og:url" content="https://daffa.info/posts/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa">
|
||||
<meta name=twitter:card content="summary_large_image">
|
||||
<meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E">
|
||||
<meta name=twitter:title content="Posts">
|
||||
<meta name=twitter:description content="Portfolio by Muhammad Daffa">
|
||||
<script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://daffa.info/posts/"}]}</script>
|
||||
</head>
|
||||
<body class=list id=top>
|
||||
<script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add('dark'):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove('dark'):window.matchMedia('(prefers-color-scheme: dark)').matches&&document.body.classList.add('dark')</script>
|
||||
<header class=header>
|
||||
<nav class=nav>
|
||||
<div class=logo>
|
||||
<a href=https://daffa.info/ accesskey=h title="Home (Alt + H)">
|
||||
<img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a>
|
||||
<div class=logo-switches>
|
||||
<button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg>
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
<ul id=menu>
|
||||
<li>
|
||||
<a href=https://daffa.info/profile/ title=About>
|
||||
<span>About</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/blog/ title=Blog>
|
||||
<span>Blog</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=https://daffa.info/cve/ title=Portfolio>
|
||||
<span>Portfolio</span>
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href=mailto:muhammaddaffa.info@gmail.com title="Contact Me">
|
||||
<span>Contact Me</span>
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
</header>
|
||||
<main class=main>
|
||||
<header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a></div>
|
||||
<h1>
|
||||
Posts
|
||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg>
|
||||
</a>
|
||||
</h1>
|
||||
</header>
|
||||
<article class=post-entry>
|
||||
<header class=entry-header>
|
||||
<h2>CVE 2021 24561<sup><span class=entry-isdraft> [draft]</span></sup>
|
||||
</h2>
|
||||
</header>
|
||||
<div class=entry-content>
|
||||
<p></p>
|
||||
</div>
|
||||
<footer class=entry-footer><span title="2022-09-09 17:01:20 +0000 UTC">September 9, 2022</span> · 0 min · 0 words · Muhammad Daffa</footer>
|
||||
<a class=entry-link aria-label="post link to CVE 2021 24561" href=https://daffa.info/posts/cve-2021-24561/></a>
|
||||
</article>
|
||||
<article class=post-entry>
|
||||
<header class=entry-header>
|
||||
<h2>CVE-2021-24519
|
||||
</h2>
|
||||
</header>
|
||||
<div class=entry-content>
|
||||
<p>Description The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the ‘Text Next to Icon’ field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
|
||||
Plugin Name VikRentCar
|
||||
Affected Version <= 1.1.9
|
||||
Fixed Version 1.1.10
|
||||
Advisory Link MITRE WPScan </p>
|
||||
</div>
|
||||
<footer class=entry-footer><span title="2021-07-19 11:30:03 +0000 UTC">July 19, 2021</span> · 1 min · 61 words · Muhammad Daffa</footer>
|
||||
<a class=entry-link aria-label="post link to CVE-2021-24519" href=https://daffa.info/posts/cve-2021-24519/></a>
|
||||
</article>
|
||||
</main>
|
||||
<footer class=footer>
|
||||
<span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>
|
||||
Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a>
|
||||
</span>
|
||||
</footer>
|
||||
<a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg>
|
||||
</a>
|
||||
<script>let menu=document.getElementById('menu');menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(a=>{a.addEventListener("click",function(b){b.preventDefault();var a=this.getAttribute("href").substr(1);window.matchMedia('(prefers-reduced-motion: reduce)').matches?document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(a)}']`).scrollIntoView({behavior:"smooth"}),a==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${a}`)})})</script>
|
||||
<script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script>
|
||||
<script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove('dark'),localStorage.setItem("pref-theme",'light')):(document.body.classList.add('dark'),localStorage.setItem("pref-theme",'dark'))})</script>
|
||||
</body>
|
||||
</html>
|
|
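Review bot: the entry link in this removed /posts/ listing is `https://daffa.info/posts/cve-2021-24519/`, while the sitemap hunk further down carries the same post as `https://daffa.info/cve/cve-2021-24519/`, so the URL scheme changed and the old path, which is the one already published with the MITRE and WPScan advisories, will now 404 unless something redirects it. Put the old path in the post's front matter (`aliases: ["/posts/cve-2021-24519/"]`) so Hugo keeps emitting a meta-refresh stub for it, and do the same for the other posts that moved from /posts/ to /cve/.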
@ -1,32 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
|
||||
<channel>
|
||||
<title>Posts on Muhammad Daffa</title>
|
||||
<link>https://daffa.info/posts/</link>
|
||||
<description>Recent content in Posts on Muhammad Daffa</description>
|
||||
<image>
|
||||
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
|
||||
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
|
||||
</image>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<lastBuildDate>Fri, 09 Sep 2022 17:01:20 +0000</lastBuildDate><atom:link href="https://daffa.info/posts/index.xml" rel="self" type="application/rss+xml" />
|
||||
<item>
|
||||
<title>CVE 2021 24561</title>
|
||||
<link>https://daffa.info/posts/cve-2021-24561/</link>
|
||||
<pubDate>Fri, 09 Sep 2022 17:01:20 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/posts/cve-2021-24561/</guid>
|
||||
<description></description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2021-24519</title>
|
||||
<link>https://daffa.info/posts/cve-2021-24519/</link>
|
||||
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/posts/cve-2021-24519/</guid>
|
||||
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
|
||||
</item>
|
||||
|
||||
</channel>
|
||||
</rss>
|
|
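Review bot: the first item of this removed feed shows a front-matter problem rather than a theme problem: it is titled `CVE 2021 24561` (spaces, unlike `CVE-2021-24519` in the next item), has an empty `<description>`, and its pubDate is identical to the feed's `lastBuildDate` (Fri, 09 Sep 2022 17:01:20), which is what Hugo emits when `title`, `date` and `description` are missing and get derived from the filename and build time. The cve tag feed later in this diff lists the same CVE as `CVE-2021-24561` dated Mon, 26 Jul 2021 with a summary, so the page was fixed; worth confirming the fix landed in the page's front matter and not just in the tag feed before the /posts/ feed is dropped for good.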
@ -1 +0,0 @@
|
|||
<!doctype html><html><head><title>https://daffa.info/posts/</title><link rel=canonical href=https://daffa.info/posts/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/posts/"></head></html>
|
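Review bot: this deleted stub is a meta-refresh redirect whose target is `https://daffa.info/posts/`, and the two hunks above delete the /posts/ index and feed, so any remaining alias stub or external link that still resolves to /posts/ will now end on a 404. Grep the generated output for `url=https://daffa.info/posts/` and the content tree for `aliases:` entries pointing at /posts/, and retarget them to `https://daffa.info/cve/`, which is where the sitemap hunk below puts the section.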
File diff suppressed because one or more lines are too long
|
@ -2,88 +2,16 @@
|
|||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
|
||||
xmlns:xhtml="http://www.w3.org/1999/xhtml">
|
||||
<url>
|
||||
<loc>https://daffa.info/tags/cve/</loc>
|
||||
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-32587/</loc>
|
||||
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-38137/</loc>
|
||||
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/</loc>
|
||||
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/</loc>
|
||||
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/tags/</loc>
|
||||
<lastmod>2022-09-26T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-36340/</loc>
|
||||
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-38095/</loc>
|
||||
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-38134/</loc>
|
||||
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-40132/</loc>
|
||||
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-40194/</loc>
|
||||
<lastmod>2022-09-23T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-38470/</loc>
|
||||
<lastmod>2022-09-22T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-36282/</loc>
|
||||
<lastmod>2022-08-23T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-34347/</loc>
|
||||
<lastmod>2022-08-22T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-36346/</loc>
|
||||
<lastmod>2022-08-22T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-33201/</loc>
|
||||
<lastmod>2022-05-08T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-27848/</loc>
|
||||
<lastmod>2022-04-14T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-27844/</loc>
|
||||
<lastmod>2022-04-11T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-25618/</loc>
|
||||
<lastmod>2022-04-04T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-38704/</loc>
|
||||
<lastmod>2022-02-23T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-23983/</loc>
|
||||
<lastmod>2022-02-21T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2022-23984/</loc>
|
||||
<lastmod>2022-02-21T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2021-24561/</loc>
|
||||
<lastmod>2021-07-26T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2021-24531/</loc>
|
||||
<lastmod>2021-07-21T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/cve/cve-2021-24519/</loc>
|
||||
<lastmod>2021-07-19T11:30:03+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/about/</loc>
|
||||
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/blog/</loc>
|
||||
<loc>https://daffa.info/cve/</loc>
|
||||
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/achievements/</loc>
|
||||
<loc>https://daffa.info/</loc>
|
||||
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/bug-hunting/</loc>
|
||||
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/portfolio/</loc>
|
||||
|
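Review bot: the hunk headers (`-2,88 +2,16` here and `-92,8 +20,9` below) mean the new sitemap is about 29 lines long, room for roughly seven `<url>` entries, so the 21 `/cve/cve-*/` pages and `/tags/cve/` that appear on the removed side are no longer listed. If those pages are still built, check what is excluding them from the sitemap (`sitemap: disable` or `_build` options in front matter, or the /cve/ pages no longer being regular pages). Also suspicious: the surviving `/cve/` and `/` entries carry `lastmod` 2019-03-09T00:00:00, the same date as `/about/`, whereas the removed entries for them carried 2022-09-26; a hard-coded `date: 2019-03-09` in the section `_index.md` would explain it and would make the sitemap misreport when the CVE section last changed.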
@ -92,8 +20,9 @@
|
|||
<loc>https://daffa.info/tags/profile/</loc>
|
||||
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/categories/</loc>
|
||||
<loc>https://daffa.info/tags/</loc>
|
||||
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
|
||||
</url><url>
|
||||
<loc>https://daffa.info/search/</loc>
|
||||
<loc>https://daffa.info/categories/</loc>
|
||||
</url>
|
||||
</urlset>
|
||||
|
|
|
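Review bot: `/categories/` is kept in the sitemap (without a `<lastmod>`, which the protocol allows), but no `/categories/<term>/` URL appears anywhere in either sitemap hunk and the only taxonomy terms in use are under `/tags/`, so this is an empty taxonomy list page being offered to crawlers. If categories are not used, restrict the taxonomies in config (`taxonomies: { tag: tags }`) so Hugo stops generating and indexing it.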
@ -1,29 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>cve | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/tags/cve/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="cve"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="cve"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/tags/>Tags</a></div><h1>cve
|
||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-32587</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change.
|
||||
Plugin Name WP Page Widget
|
||||
Installation Number 60,000+
|
||||
Affected Version <= 3.9
|
||||
Fixed Version 4.0
|
||||
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-32587" href=https://daffa.info/cve/cve-2022-32587/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38137</h2></header><div class=entry-content><p>Description Plugin Name Analytify – Google Analytics Dashboard For WordPress
|
||||
Installation Number 60,000+
|
||||
Affected Version <= 4.2.2
|
||||
Fixed Version 4.2.3
|
||||
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38137" href=https://daffa.info/cve/cve-2022-38137/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-36340</h2></header><div class=entry-content><p>Description Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.
|
||||
Plugin Name Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin
|
||||
Installation Number 30,000+
|
||||
Affected Version <= 1.2.49.0
|
||||
Fixed Version 1.2.50.0
|
||||
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-36340" href=https://daffa.info/cve/cve-2022-36340/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38095</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress.
|
||||
Plugin Name Advanced Dynamic Pricing for WooCommerce
|
||||
Installation Number 20,000+
|
||||
Affected Version <= 4.1.3
|
||||
Fixed Version 4.1.4
|
||||
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38095" href=https://daffa.info/cve/cve-2022-38095/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38134</h2></header><div class=entry-content><p>Description Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
|
||||
Plugin Name Customer Reviews for WooCommerce
|
||||
Installation Number 50,000+
|
||||
Affected Version <= 5.3.5
|
||||
Fixed Version 5.3.6
|
||||
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38134" href=https://daffa.info/cve/cve-2022-38134/></a></article><footer class=page-footer><nav class=pagination><a class=next href=https://daffa.info/tags/cve/page/2/>Next »</a></nav></footer></main><footer class=footer><span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
|
||||
<span>Powered by
|
||||
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
|
||||
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
|
|
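Review bot: the first inline script at the end of this page runs `document.querySelector("#cd").innerText=(new Date).getFullYear()`, but the page contains no element with id `cd` (the footer prints a literal `© 2022`), so `querySelector` returns null and the statement throws a TypeError right after the menu-toggle handlers are bound. Either add `<span id=cd></span>` to the footer copyright or drop the call. Also, the CVE-2022-38137 summary here reads `Description Plugin Name Analytify – Google Analytics Dashboard For WordPress`, i.e. that post's description field is empty while the cve tag feed in this diff summarises it as "Cross-Site Request Forgery"; fill it in so the listing does not start with the table header.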
@ -1,203 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
|
||||
<channel>
|
||||
<title>cve on Muhammad Daffa</title>
|
||||
<link>https://daffa.info/tags/cve/</link>
|
||||
<description>Recent content in cve on Muhammad Daffa</description>
|
||||
<image>
|
||||
<url>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</url>
|
||||
<link>https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E</link>
|
||||
</image>
|
||||
<generator>Hugo -- gohugo.io</generator>
|
||||
<lastBuildDate>Mon, 26 Sep 2022 11:30:03 +0000</lastBuildDate><atom:link href="https://daffa.info/tags/cve/index.xml" rel="self" type="application/rss+xml" />
|
||||
<item>
|
||||
<title>CVE-2022-32587</title>
|
||||
<link>https://daffa.info/cve/cve-2022-32587/</link>
|
||||
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-32587/</guid>
|
||||
<description>WordPress WP Page Widget plugin &lt;= 3.9 - Cross-Site Request Forgery</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-38137</title>
|
||||
<link>https://daffa.info/cve/cve-2022-38137/</link>
|
||||
<pubDate>Mon, 26 Sep 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-38137/</guid>
|
||||
<description>WordPress Analytify plugin &lt;= 4.2.2 - Cross-Site Request Forgery</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-36340</title>
|
||||
<link>https://daffa.info/cve/cve-2022-36340/</link>
|
||||
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-36340/</guid>
|
||||
<description>WordPress MailOptin plugin &lt;= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-38095</title>
|
||||
<link>https://daffa.info/cve/cve-2022-38095/</link>
|
||||
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-38095/</guid>
|
||||
<description>WordPress Advanced Dynamic Pricing for WooCommerce plugin &lt;= 4.1.3 - Cross-Site Request Forgery</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-38134</title>
|
||||
<link>https://daffa.info/cve/cve-2022-38134/</link>
|
||||
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-38134/</guid>
|
||||
<description>WordPress Customer Reviews for WooCommerce plugin &lt;= 5.3.5 - Authenticated Broken Access Control</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-40132</title>
|
||||
<link>https://daffa.info/cve/cve-2022-40132/</link>
|
||||
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-40132/</guid>
|
||||
<description>WordPress Seriously Simple Podcasting plugin &lt;= 2.16.0 - Cross-Site Request Forgery</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-40194</title>
|
||||
<link>https://daffa.info/cve/cve-2022-40194/</link>
|
||||
<pubDate>Fri, 23 Sep 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-40194/</guid>
|
||||
<description>WordPress Customer Reviews for WooCommerce plugin &lt;= 5.3.5 - Sensitive Information Disclosure</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-38470</title>
|
||||
<link>https://daffa.info/cve/cve-2022-38470/</link>
|
||||
<pubDate>Thu, 22 Sep 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-38470/</guid>
|
||||
<description>WordPress Customer Reviews for WooCommerce plugin &lt;= 5.3.5 - Cross-Site Request Forgery</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-36282</title>
|
||||
<link>https://daffa.info/cve/cve-2022-36282/</link>
|
||||
<pubDate>Tue, 23 Aug 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-36282/</guid>
|
||||
<description>Search Exclude &lt; 1.2.7 - Author+ Stored Cross-Site Scripting</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-34347</title>
|
||||
<link>https://daffa.info/cve/cve-2022-34347/</link>
|
||||
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-34347/</guid>
|
||||
<description>Download Manager &lt; 3.2.49 - Clear Stats &amp; Cache via CSRF</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-36346</title>
|
||||
<link>https://daffa.info/cve/cve-2022-36346/</link>
|
||||
<pubDate>Mon, 22 Aug 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-36346/</guid>
|
||||
<description>MaxButtons &lt; 9.3 - Arbitrary Settings Update via CSRF</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-33201</title>
|
||||
<link>https://daffa.info/cve/cve-2022-33201/</link>
|
||||
<pubDate>Sun, 08 May 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-33201/</guid>
|
||||
<description>MailerLite - Signup forms (official) &lt; 1.5.7 - API Key Update via CSRF</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-27848</title>
|
||||
<link>https://daffa.info/cve/cve-2022-27848/</link>
|
||||
<pubDate>Thu, 14 Apr 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-27848/</guid>
|
||||
<description>Modern Events Calendar Lite &lt; 6.5.2 - Admin+ Stored Cross-Site Scripting</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-27844</title>
|
||||
<link>https://daffa.info/cve/cve-2022-27844/</link>
|
||||
<pubDate>Mon, 11 Apr 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-27844/</guid>
|
||||
<description>WPvivid Backup and Migration Plugin &lt; 0.9.71 - Admin+ Arbitrary File Download</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-25618</title>
|
||||
<link>https://daffa.info/cve/cve-2022-25618/</link>
|
||||
<pubDate>Mon, 04 Apr 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-25618/</guid>
|
||||
<description>wpDataTables &lt; 2.1.28 - Admin+ Stored Cross-Site Scripting</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-38704</title>
|
||||
<link>https://daffa.info/cve/cve-2022-38704/</link>
|
||||
<pubDate>Wed, 23 Feb 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-38704/</guid>
|
||||
<description>WordPress SEO Redirection plugin &lt;= 8.9 - Cross-Site Request Forgery</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-23983</title>
|
||||
<link>https://daffa.info/cve/cve-2022-23983/</link>
|
||||
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-23983/</guid>
|
||||
<description>WP Content Copy Protection &amp; No Right Click &lt; 3.4.5 - Settings Update via CSRF</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2022-23984</title>
|
||||
<link>https://daffa.info/cve/cve-2022-23984/</link>
|
||||
<pubDate>Mon, 21 Feb 2022 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2022-23984/</guid>
|
||||
<description>wpDiscuz &lt; 7.3.12 - Sensitive Information Disclosure</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2021-24561</title>
|
||||
<link>https://daffa.info/cve/cve-2021-24561/</link>
|
||||
<pubDate>Mon, 26 Jul 2021 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2021-24561/</guid>
|
||||
<description>WP SMS &lt; 5.4.13 - Authenticated Stored Cross-Site Scripting</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2021-24531</title>
|
||||
<link>https://daffa.info/cve/cve-2021-24531/</link>
|
||||
<pubDate>Wed, 21 Jul 2021 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2021-24531/</guid>
|
||||
<description>Charitable - Donation Plugin &lt; 1.6.51 - Authenticated Stored Cross-Site Scripting (XSS)</description>
|
||||
</item>
|
||||
|
||||
<item>
|
||||
<title>CVE-2021-24519</title>
|
||||
<link>https://daffa.info/cve/cve-2021-24519/</link>
|
||||
<pubDate>Mon, 19 Jul 2021 11:30:03 +0000</pubDate>
|
||||
|
||||
<guid>https://daffa.info/cve/cve-2021-24519/</guid>
|
||||
<description>Vik Rent Car &lt; 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)</description>
|
||||
</item>
|
||||
|
||||
</channel>
|
||||
</rss>
|
|
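Review bot: the feed's `<image>` `<url>` and `<link>` are `https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E`, which is the URL-encoded form of the literal `<link or path of image for opengraph, twitter-cards>` placeholder from the PaperMod example config; the same value is emitted as `og:image` and `twitter:image` in the page heads in this diff, and the favicon links carry `%3Clink%20/%20abs%20url%3E` from the `assets.favicon*` placeholders. Set these to real paths or remove them, otherwise every feed reader and social card fetches a 404 URL.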
@ -1 +0,0 @@
|
|||
<!doctype html><html lang=en><head><title>https://daffa.info/tags/cve/</title><link rel=canonical href=https://daffa.info/tags/cve/><meta name=robots content="noindex"><meta charset=utf-8><meta http-equiv=refresh content="0; url=https://daffa.info/tags/cve/"></head></html>
|
|
@ -1,31 +0,0 @@
|
|||
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>cve | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/tags/cve/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="cve"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="cve"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/tags/>Tags</a></div><h1>cve
|
||||
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-40132</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.
|
||||
Plugin Name Seriously Simple Podcasting
|
||||
Installation Number 30,000+
|
||||
Affected Version <= 2.16.0
|
||||
Fixed Version 2.16.1
|
||||
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-40132" href=https://daffa.info/cve/cve-2022-40132/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-40194</h2></header><div class=entry-content><p>Description Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress
|
||||
Plugin Name Customer Reviews for WooCommerce
|
||||
Installation Number 50,000+
|
||||
Affected Version <= 5.3.5
|
||||
Fixed Version 5.3.6
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-40194" href=https://daffa.info/cve/cve-2022-40194/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-38470</h2></header><div class=entry-content><p>Description Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
Plugin Name Customer Reviews for WooCommerce
Installation Number 50,000+
Affected Version <= 5.3.5
Fixed Version 5.3.6
Advisory link MITRE Patchstack</p></div><a class=entry-link aria-label="post link to CVE-2022-38470" href=https://daffa.info/cve/cve-2022-38470/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-36282</h2></header><div class=entry-content><p>Description Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy’s Search Exclude plugin <= 1.2.6 at WordPress.
Plugin Name Search Exclude
Installation Number 60,000+
Affected Version <= 1.2.6
Fixed Version 1.2.7
Advisory Link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-08-23 11:30:03 +0000 UTC'>August 23, 2022</span> · Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-36282" href=https://daffa.info/cve/cve-2022-36282/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-34347</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.
Plugin Name Download Manager
Installation Number 100,000+
Affected Version <= 3.2.48
Fixed Version 3.2.49
Advisory Link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-08-22 11:30:03 +0000 UTC'>August 22, 2022</span> · Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-34347" href=https://daffa.info/cve/cve-2022-34347/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://daffa.info/tags/cve/>« Prev </a>
<a class=next href=https://daffa.info/tags/cve/page/3/>Next »</a></nav></footer></main><footer class=footer><span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
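Review bot: this hunk deletes a generated Hugo listing page (the pagination links go to /tags/cve/ and /tags/cve/page/3/, the footer reads "Powered by Hugo & PaperMod"), which means the build output directory is tracked in git and being pruned by hand; add that directory to .gitignore and let the build regenerate it, otherwise every generated page that is not deleted here keeps whatever nav the old build produced, including the `<a href=https://daffa.info/blog/ title=Blog>` and `<a href=https://daffa.info/search/ ...>` entries, until the site is rebuilt. Separately, the first inline script ends with `document.querySelector("#cd").innerText=(new Date).getFullYear()` but no element with id `cd` exists anywhere in this page (the footer hard-codes `© 2022`), so every page built from this template throws a TypeError on load after the menu handlers are attached; either null-check that lookup or restore the `#cd` span in the footer partial.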
@ -1,31 +0,0 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>cve | Muhammad Daffa</title><meta name=keywords content><meta name=description content="Portfolio by Muhammad Daffa"><meta name=author content="Muhammad Daffa"><link rel=canonical href=https://daffa.info/tags/cve/><link crossorigin=anonymous href=/assets/css/stylesheet.45f49f3659256118ed66599f73d606a68bbf80c55151a90e4cf1c399f8e7c2d5.css integrity="sha256-RfSfNlklYRjtZlmfc9YGpou/gMVRUakOTPHDmfjnwtU=" rel="preload stylesheet" as=style><link rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://daffa.info/tags/cve/index.xml><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="cve"><meta property="og:description" content="Portfolio by Muhammad Daffa"><meta property="og:type" content="website"><meta property="og:url" 
content="https://daffa.info/tags/cve/"><meta property="og:image" content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta property="og:site_name" content="Muhammad Daffa"><meta name=twitter:card content="summary_large_image"><meta name=twitter:image content="https://daffa.info/%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E"><meta name=twitter:title content="cve"><meta name=twitter:description content="Portfolio by Muhammad Daffa"></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://daffa.info/ accesskey=h title="Home (Alt + H)"><img src=https://daffa.info/apple-touch-icon.png alt aria-label=logo height=35>Home</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><button id=menu-trigger aria-haspopup=menu 
aria-label="Menu Button"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"/><line x1="3" y1="6" x2="21" y2="6"/><line x1="3" y1="18" x2="21" y2="18"/></svg></button><ul class="menu hidden"><li><a href=https://daffa.info/about/ title=About><span>About</span></a></li><li><a href=https://daffa.info/blog/ title=Blog><span>Blog</span></a></li><li><a href=https://daffa.info/portfolio/ title=Portfolio><span>Portfolio</span></a></li><li><a href=https://daffa.info/search/ title="Search (Alt + /)" accesskey=/><span>Search</span></a></li></ul></nav></header><main class=main><header class=page-header><div class=breadcrumbs><a href=https://daffa.info/>Home</a> » <a href=https://daffa.info/tags/>Tags</a></div><h1>cve
<a href=index.xml title=RSS aria-label=RSS><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" height="23"><path d="M4 11a9 9 0 019 9"/><path d="M4 4a16 16 0 0116 16"/><circle cx="5" cy="19" r="1"/></svg></a></h1></header><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-36346</h2></header><div class=entry-content><p>Description Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress.
Plugin Name MaxButtons
Installation Number 100,000+
Affected Version <= 9.2
Fixed Version 9.3
Advisory Link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-08-22 11:30:03 +0000 UTC'>August 22, 2022</span> · Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-36346" href=https://daffa.info/cve/cve-2022-36346/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-33201</h2></header><div class=entry-content><p>Description Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.
Plugin Name MailerLite – Signup forms (official)
Installation Number 60,000+
Affected Version <= 1.5.6
Fixed Version 1.5.7
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-05-08 11:30:03 +0000 UTC'>May 8, 2022</span> · Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-33201" href=https://daffa.info/cve/cve-2022-33201/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-27848</h2></header><div class=entry-content><p>Description Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Modern Events Calendar Lite (WordPress plugin) <= 6.5.1
Plugin Name Modern Events Calendar Lite
Installation Number 100,000+ (Closed)
Affected Version <= 6.5.1
Fixed Version 6.5.2
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-04-14 11:30:03 +0000 UTC'>April 14, 2022</span> · Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-27848" href=https://daffa.info/cve/cve-2022-27848/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-27844</h2></header><div class=entry-content><p>Description Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70
Plugin Name WPvivid
Installation Number 200,000+
Affected Version <= 0.9.70
Fixed Version 0.9.71
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-04-11 11:30:03 +0000 UTC'>April 11, 2022</span> · Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-27844" href=https://daffa.info/cve/cve-2022-27844/></a></article><article class="post-entry tag-entry"><header class=entry-header><h2>CVE-2022-25618</h2></header><div class=entry-content><p>Description Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27
Plugin Name wpDataTables
Installation Number 60,000+
Affected Version <= 2.1.27
Fixed Version 2.1.28
Advisory link MITRE WPScan Patchstack</p></div><footer class=entry-footer><span title='2022-04-04 11:30:03 +0000 UTC'>April 4, 2022</span> · Muhammad Daffa</footer><a class=entry-link aria-label="post link to CVE-2022-25618" href=https://daffa.info/cve/cve-2022-25618/></a></article><footer class=page-footer><nav class=pagination><a class=prev href=https://daffa.info/tags/cve/page/2/>« Prev </a>
<a class=next href=https://daffa.info/tags/cve/page/4/>Next »</a></nav></footer></main><footer class=footer><span>© 2022 <a href=https://daffa.info/>Muhammad Daffa</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let b=document.querySelector("#menu-trigger"),m=document.querySelector(".menu");b.addEventListener("click",function(){m.classList.toggle("hidden")}),document.body.addEventListener("click",function(e){b.contains(e.target)||m.classList.add("hidden")}),document.querySelector("#cd").innerText=(new Date).getFullYear()</script><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script></body></html>
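Review bot: the CVE-2022-33201 entry in this hunk is internally inconsistent: the description says `MailerLite – Signup forms (official) plugin <= 1.5.7`, while the same entry lists `Affected Version <= 1.5.6` and `Fixed Version 1.5.7`, so the description is the odd one out and should say `<= 1.5.6`; since this file is build output, the correction belongs in the content page that produced it, not in a regenerated copy of this HTML. The `<head>` in this hunk also shows PaperMod's example placeholders left in the site params: `rel=icon href=https://daffa.info/%3Clink%20/%20abs%20url%3E` (and the same for the 16x16, 32x32, apple-touch and mask icons) and `og:image`/`twitter:image` set to `%3Clink%20or%20path%20of%20image%20for%20opengraph,%20twitter-cards%3E` are the literal `<link / abs url>` sample values URL-encoded, so browsers and link previewers request URLs that do not exist; set real paths under the theme's asset params or drop those keys before rebuilding.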