#apple

A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ci_ssms/index.php/orders/create. The manipulation of the argument customer_name with the input <script>alert("XSS")</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Single-click account takeovers are made possible by taking advantage of quirks in OAuth

By Deeba Ahmed Earlier in March this year, Ronin Network (RON), a blockchain network underpinning the famous crypto game Axie Infinity… This is a post from HackRead.com Read the original post: Hackers Used Fake LinkedIn Job Offer to Hack Off $625M from Axie Infinity

Plus: A duplicitous bug bounty scheme, the iPhone's new “lockdown mode,” and more of the week's top security news.

DID promises to give web users more control over their digital identities

By Deeba Ahmed Apple has announced adding a new feature to iOS devices dubbed the Lockdown Mode. This feature aims to… This is a post from HackRead.com Read the original post: Apple Debuts Lockdown Mode to Prevent State-Sponsored Spying

Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.

Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.

It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value.

Latest feature will protect against targeted attacks