Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2021-42308

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE
Open in Source
#vulnerability#microsoft
CVE-2021-36884: Backup Migration

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions.

CVE-2021-33850: 2021-33850 - Stored cross site scripting (XSS) in WordPress Microsoft Clarity Plugin

There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page.

CVE-2021-43409: WordPress + Microsoft Office 365 / Azure AD | LOGIN Persistent Cross-Site Scripting (CVE-2021-43409)

The "WPO365 | LOGIN" WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative use...

CVE-2021-38022: Chromium: CVE-2021-38022 Inappropriate implementation in WebAuthentication

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38021: Chromium: CVE-2021-38021 Inappropriate implementation in referrer

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38020: Chromium: CVE-2021-38020 Insufficient policy enforcement in contacts picker

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38019: Chromium: CVE-2021-38019 Insufficient policy enforcement in CORS

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38005: Chromium: CVE-2021-38005 Use after free in loader

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45

CVE-2021-38006: Chromium: CVE-2021-38006 Use after free in storage foundation

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 96.0.1052.29 11/19/2021 96.0.4664.45