Security
Headlines
HeadlinesLatestCVEs

Tag

#java

CVE-2023-39053: 服部屋

An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

CVE
#java
CVE-2023-39047: shouzu sweets oz

An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages.

Iran’s MuddyWater Group Targets Israelis with Fake Memo Spear-Phishing

By Deeba Ahmed MuddyWater (aka Mango Sandstorm and Static Kitten) is a cyberespionage group that's believed to be active since 2017. This is a post from HackRead.com Read the original post: Iran’s MuddyWater Group Targets Israelis with Fake Memo Spear-Phishing

CVE-2023-5035: PT-G503 Series Multiple Vulnerabilities

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

CVE-2023-46475: GitHub - easysoft/zentaopms: Zentao is an agile(scrum) project management system/tool, Free Upgrade Forever!​

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.

CVE-2023-46475: CVE-Disclosures/ZentaoPMS/CVE-2023-46475/CVE-2023-46475 - Cross-Site Scripting (Stored).md at main · elementalSec/CVE-Disclosures

A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.

CVE-2023-43193: CVE-2023-43193: Submitty Cross-Site Scripting (XSS) Vulnerability Report

Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS.

Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”

Knowing the common scams is an important step in using the platform safely. The following recommendations help players not fall into scams.

CVE-2023-1715: (CVE-2023-1715 & CVE-2023-1716) Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page

A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload.