Ubuntu Security Notice USN-7121-3

Debian Security Advisory 5818-1

Ubuntu Security Notice USN-7124-1

Debian Security Advisory 5817-1

Mandos Encrypted File System Unattended Reboot Utility 1.8.18

Solar-Log 200 PM+ version 3.6.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel# Date: 10-30-23# Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security# Vendor Homepage: https://www.solar-log.com/en/# Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019# Tested on: Proprietary devices: https://www.solar-log.com/en/support/firmware/# CVE: CVE-2023-46344# POC:1. Go to solar panel2. Go to configuration -> Smart Energy -> "drag & drop" button.3. Change "name" to: <xss onmouseenter="alert(document.cookie)"style=display:block>test</xss>4. Once you hover over "test", you get XSS -> if a higher privilegeduser hovers over it, we can get their cookies.

Headline

Solar-Log 200 PM+ 3.6.0 Cross Site Scripting

Packet Storm: Latest News