Tag
#vulnerability
### Summary The application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in the JSON schema for the site. This content is then rendered in the generated HAX site. Although the application does not allow users to supply a 'script' tag, it does allow the use of other HTML tags to run JavaScript. ### Affected Resources - [Operations.php:258](https://github.com/haxtheweb/haxcms-php/blob/master/system/backend/php/lib/Operations.php#L258) `saveManifest()` - [Operations.php:868](https://github.com/haxtheweb/haxcms-php/blob/master/system/backend/php/lib/Operations.php#L868) `saveNode()` - `https://<site>/<user>/system/api/saveNode` - `https://<site>/<user>/system/api/saveManifest` ### Impact An authenticated attacker can use the site editor and settings editor to store malicious payloads in a HAX site which execute arbitrary JavaScript when a user visits the sit...
SentinelLABS uncovers widespread China-linked cyber espionage targeting over 70 global organizations and cybersecurity firms between July 2024 and…
A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that
Phone numbers are a goldmine for SIM swappers. A researcher found how to get this precious piece of information through a clever brute-force attack.
### Impact The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. ### Patches The issue is fixed in https://github.com/barryvdh/laravel-translation-manager/pull/475 which is released in version 0.6.8 ### Workarounds Only authenticated users with access to the translation manager are impacted. ### References [[PT-2025-04] laravel translation manager.pdf](https://github.com/user-attachments/files/20639250/PT-2025-04.laravel.translation.manager.pdf) ### Reported by Positive Technologies (Artem Deikov, Ilya Tsaturov, Daniil Satyaev, Roman Cheremnykh, Artem Danilov, Stanislav Gleym)
### Summary The `env` and `expandenv` template functions which is enabled by default in [Sprig](https://masterminds.github.io/sprig/) enables capturing of env variables on host. While this may not be a problem on single-user (super admin) installations, on multi-user installations, this allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. **Upgrade to [v5.0.2](https://github.com/knadh/listmonk/releases/tag/v5.0.2)** to mitigate. --------- # Demonstration ### Description A critical template injection vulnerability exists in Listmonk's campaign preview functionality that allows authenticated users with minimal privileges (campaigns:get & campaigns:get_all) to extract sensitive system data, including database credentials, SMTP passwords, and admin credentials due to some dangerous function being allowed. ### Proof of Concept - Create a user and give him `campaigns:get` and `campaigns...
It seems not a day goes by without news of another crypto scam targeting unsuspecting holders. Those owning…
A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster
The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.
Red Hat is built on open source, a global decentralized and transparent community of international engineers who put security at the forefront of technology. Red Hat Enterprise Linux (RHEL) is the trusted operating system (OS) used by more than 90% of Fortune 500 companies and customers in more than 174 countries. This trust is earned largely due to RHEL's reliability and stability as well as Red Hat's long history of actively contributing to open source projects. There is one key factor that is often discounted with respect to the Linux OS, however, which is its reputation for having enhanced