Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2021-43409: WordPress + Microsoft Office 365 / Azure AD | LOGIN Persistent Cross-Site Scripting (CVE-2021-43409)

The "WPO365 | LOGIN" WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative use...

CVE
Open in Source
#xss#vulnerability#microsoft
CVE-2021-38022: Chromium: CVE-2021-38022 Inappropriate implementation in WebAuthentication

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38021: Chromium: CVE-2021-38021 Inappropriate implementation in referrer

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38020: Chromium: CVE-2021-38020 Insufficient policy enforcement in contacts picker

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38019: Chromium: CVE-2021-38019 Insufficient policy enforcement in CORS

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38005: Chromium: CVE-2021-38005 Use after free in loader

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38006: Chromium: CVE-2021-38006 Use after free in storage foundation

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38009: Chromium: CVE-2021-38009 Inappropriate implementation in cache

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38008: Chromium: CVE-2021-38008 Use after free in media

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-43221: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45