Security
Headlines
HeadlinesLatestCVEs

Tag

#web

116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems

Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor. "In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both," ESET researchers Marc-Etienne M.Léveillé and Rene

The Hacker News
Open in Source
#web#windows#microsoft#linux#nodejs#backdoor#The Hacker News
CVE-2023-50011: PopojiCMS 2.0.1 Remote Command Execution ≈ Packet Storm

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field.

CVE-2023-49828: WordPress WooPayments plugin <= 6.4.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2.

CVE-2023-49827: WordPress Soledad theme <= 8.4.1 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.

CVE-2023-49833: WordPress Spectra plugin <= 2.7.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9.

CVE-2023-49743: WordPress Dashboard Widgets Suite plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4.1.

CVE-2023-49745: WordPress Spiffy Calendar plugin <= 4.9.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.

CVE-2023-50565: Multiple stored XSS vulnerabilities in rpcms 3.5.5 · Issue #7 · ralap-z/rpcms

A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2023-50566: EyouCMS-V1.6.5-UTF8-SP1 has a stored XSS vulnerability · Issue #56 · weng-xianhu/eyoucms

A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter.

CVE-2022-45365: WordPress Stock Ticker plugin <= 3.23.2 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Uroševi? Stock Ticker allows Reflected XSS.This issue affects Stock Ticker: from n/a through 3.23.2.