Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-44765: GitHub - sromanhu/ConcreteCMS-Stored-XSS---Associations: Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the Plural

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings.

CVE
Open in Source
#xss#vulnerability#web#git#java#auth
CVE-2023-44764: GitHub - sromanhu/ConcreteCMS-Stored-XSS---Site_Installation: Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the SI

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings.

CVE-2023-44766: GitHub - sromanhu/ConcreteCMS-Stored-XSS---SEO: Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Header Ext

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings.

CVE-2023-44770: ZenarioCMS--Reflected-XSS---Organizer-Alias/README.md at main · sromanhu/ZenarioCMS--Reflected-XSS---Organizer-Alias

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias.

Amazon Prime email scammer snatches defeat from the jaws of victory

Categories: News Categories: Scams A very convincing Amazon Prime scam landed in our mail server today and...went straight to spam. Here's why. (Read more...) The post Amazon Prime email scammer snatches defeat from the jaws of victory appeared first on Malwarebytes Labs.

Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike

Threat actors have been observed targeting semiconductor companies in East Asia with lures masquerading as Taiwan Semiconductor Manufacturing Company (TSMC) that are designed to deliver Cobalt Strike beacons. The intrusion set, per EclecticIQ, leverages a backdoor called HyperBro, which is then used as a conduit to deploy the commercial attack simulation software and post-exploitation toolkit.

New OS Tool Tells You Who Has Access to What Data

Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential to safeguard an organization’s assets, maintain customer trust, and meet regulatory requirements.  A