CVE-2023-42362: GitHub - Mr-n0b3dy/CVE-2023-42362

An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.


CVE-2023-42362
Author: Abdelrahman Mohamed (Mr-n0b3dy)
LinkedIn: https://www.linkedin.com/in/abdelrhman-mohamed-ashraf-7bb43410b/
Vulnerability Name: Unrestricted File Upload that led to ATO
Severity: High
Product: NCR teller web app
Version: 4.4.0
Description:

The vulnerability is an Unrestricted File Upload that leads to Stored Cross-Site Scripting (XSS) in the web application. It arises because the file upload functionality does not properly validate the uploaded file, so attacker-supplied content is stored and later served by the application.

Impact:

An attacker can upload a malicious file containing JavaScript. When the stored file is rendered in an administrator's browser, the script runs in the application's origin and can read the admin session, which the application keeps in browser local storage. This results in an account takeover of the admin account, granting the attacker full access to administrator functionality.
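The root cause above is an upload handler that trusts the file it is given. The following server-side gate, an added example that is not code from the advisory, NCR or the author, shows the checks that close this class of bug: an extension allowlist, a magic-byte check so the content must match the declared type, a scan for HTML/script markers that would make a polyglot renderable, and the response headers to use when serving stored uploads so a file is downloaded rather than executed in the application's origin. Filenames, byte samples and the allowlist are constructed for illustration.

```javascript
// Added example (not code from the advisory, NCR or Mr-n0b3dy): a server-side
// upload gate that enforces an extension allowlist, checks the bytes against
// the declared type's magic number and refuses HTML/script markers, so a file
// named like an image but carrying <script> is never stored. Samples are constructed.
const ALLOWED = { // allowlisted extension -> accepted magic-byte prefixes
  png: [[0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  jpg: [[0xff, 0xd8, 0xff]], jpeg: [[0xff, 0xd8, 0xff]],
  gif: [[0x47, 0x49, 0x46, 0x38]], pdf: [[0x25, 0x50, 0x44, 0x46, 0x2d]],
};
// Markers a browser could treat as active content if it rendered the file.
const ACTIVE_MARKERS = [/<script/i, /<svg/i, /<html/i, /<!doctype/i, /<iframe/i, /javascript:/i];
const extensionOf = (name) => ((/\.([a-z0-9]+)$/i.exec(name) || [0, ''])[1]).toLowerCase();
const startsWith = (bytes, magic) => magic.every((b, i) => bytes[i] === b);

// Returns { ok: true, ext } or { ok: false, reason }. Uses hasOwnProperty so
// names like "x.constructor" cannot hit inherited Object properties.
function validateUpload(filename, bytes) {
  const ext = extensionOf(filename);
  if (!Object.prototype.hasOwnProperty.call(ALLOWED, ext)) return { ok: false, reason: 'extension not allowed' };
  if (!ALLOWED[ext].some((magic) => startsWith(bytes, magic))) {
    return { ok: false, reason: 'content does not match extension' };
  }
  // Latin-1 decode: one char per byte, so markers inside binary stay visible.
  const text = Array.from(bytes, (b) => String.fromCharCode(b)).join('');
  if (ACTIVE_MARKERS.some((re) => re.test(text))) return { ok: false, reason: 'embedded active content' };
  return { ok: true, ext };
}

// Headers for serving a stored upload: force download, no sniffing, and a
// sandboxed response so it cannot run script in the application's origin.
function downloadHeaders(storedName) {
  return {
    'Content-Type': 'application/octet-stream',
    'Content-Disposition': `attachment; filename="${storedName.replace(/["\r\n]/g, '')}"`,
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "default-src 'none'; sandbox",
  };
}

// Constructed samples: real PNG header; HTML renamed .png; PNG/script polyglot; .svg.
const ascii = (s) => Array.from(s, (c) => c.charCodeAt(0));
const PNG = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d];
const SAMPLES = {
  goodPng: ['avatar.png', PNG], htmlAsPng: ['avatar.png', ascii('<script>1</script>')],
  polyglot: ['avatar.png', PNG.concat(ascii('<script>x</script>'))], svg: ['logo.svg', ascii('<svg/>')],
};
// Map of sample name -> accepted? Only goodPng should be true.
const checkSamples = () => Object.fromEntries(
  Object.entries(SAMPLES).map(([k, [n, b]]) => [k, validateUpload(n, b).ok]));
```

The session-side counterpart is to keep the admin session in an HttpOnly cookie rather than local storage, so that even a script running in the page cannot read it.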

Recommendations:

Install the latest version of the NCR Teller web app.
