Tag
#java
An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
By Deeba Ahmed MuddyWater (aka Mango Sandstorm and Static Kitten) is a cyberespionage group that's believed to be active since 2017. This is a post from HackRead.com Read the original post: Iran’s MuddyWater Group Targets Israelis with Fake Memo Spear-Phishing
Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.
A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.
A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.
Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS.
Knowing the common scams is an important step in using the platform safely. The following recommendations help players not fall into scams.
A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload.