Tag
#chrome
Hello everyone! Let’s take a look at Microsoft’s September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday itself. If we add the vulnerabilities released between the August and September Patch Tuesdays (as usual, they were in Microsoft Edge), the final number is 90. Far fewer than usual. Alternative […]
Feehi CMS version 2.1.1 suffers from an authenticated remote code execution vulnerability.
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. We’ve seen attackers capitalize on the news time and again, from COVID-19 to U.S.-North Korea relationships and, of course, holiday shopping sales every November. So, I was far from surprised to see that attackers are already using U.S. President Joe Biden’s student loan forgiveness plan as a basis for scams and phishing emails. The Better Business Bureau and the U.S. Federal Trade Commission both released warnings over the past few weeks around fake offers, scams and website links related to the debt forgiveness plan, with which some borrowers will have up to $20,000 worth of loans forgiven. Many of these scams, coming via phone calls, text messages and emails, are promising to provide guaranteed access to the forgiveness program or early applications for a fee. (Hint: This will not work.) These attackers may also be looking to steal personal information by asking for things like names, ad...
Multix version 2.4 suffers from a cross-site request forgery vulnerability.
Multix version 2.4 suffers from a cross-site scripting vulnerability.
Multiple authenticated (custom specific plugin role) persistent cross-site scripting (XSS) vulnerabilities in the Awesome Support plugin <= 6.0.7 for WordPress.
Authenticated arbitrary code execution vulnerability in the Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 for WordPress.
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php.
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter.
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter.