Tag
#mac
Ramat Gan, Israel, 7th January 2025, CyberNewsWire
### Summary

There are several sources of arbitrary, unescaped user input being used to construct HTML, which allows any user that can edit pages or otherwise render wikitext to XSS other users.

> Edit: Only the first XSS can be reproduced in production.

### Details

> ✅ Verified and patched in f229cab099c69006e25d4bad3579954e481dc566

https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/2526daa9f8cfdd616c861c8439755cb74a6c8c6e/includes/TabberTransclude.php#L154

This doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This was caused by d8c3db4e5935476e496d979fb01f775d3d3282e6.

----

> ❌ Invalid as MediaWiki parser sanitizes dangerous HTML

https://github.com/StarCitizenTools/mediawiki-extensions-TabberNeue/blob/2526daa9f8cfdd616c861c8439755cb74a6c8c6e/includes/Tabber.php#L160

The documentation for [`Parser::recursiveTagParse()`](https://doc.wikimedia.org/mediawiki-core/REL1_42/php/classMediaWiki_1_1Par...
AI is now essential for businesses, driving efficiency, innovation, and growth. Leverage its power for better decisions, customer…
Businesses are perpetually under pressure to innovate in a fast-paced digital era. But legacy applications, written with outdated…
The Christmas Eve compromise of data-security firm Cyberhaven's Chrome extension spotlights the challenges in shoring up third-party software supply chains.
Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar RAT onto developer systems.
An overview of what the year 2024 had to offer in the realm of data breaches: Big ones, sensitive data and some duds
The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our
This week on the Lock and Code podcast, we speak with Anna Brading and Mark Stockley about whether anywhere is safe from AI slop.