Tag
#web
### Summary

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an `<a>` tag could be bypassed with tab `\t` or newline `\n` characters between the characters of the protocol, e.g. `java\tscript:`.

### Impact

If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user.

```ruby
a(href: user_profile) { "Profile" }
```

### Mitigation

The best way to mitigate this vulnerability is to update to one of the following versions:

- [1.10.1](https://rubygems.org/gems/phlex/versions/1.10.1)
- [1.9.2](https://rubygems.org/gems/phlex/versions/1.9.2)
- [1.8.3](https://rubygems.org/gems/phlex/versions/1.8.3)
- [1.7.2](https://rubygems.org/gems/phlex/versions/1.7.2)
- [1.6.3](https://rubygems.org/gems/phlex/versions/1.6.3)
- [1.5.3](htt...
By Waqas. A critical vulnerability named LeakyCLI exposes sensitive cloud credentials from popular tools used with AWS and Google Cloud. This poses a major risk for developers, showing the need for strong security practices. Learn how to mitigate LeakyCLI and fortify your cloud infrastructure. This is a post from HackRead.com. Read the original post: New Vulnerability “LeakyCLI” Leaks AWS and Google Cloud Credentials
The two allegedly sold the Trojan on Hack Forums, allowing other threat actors to gain unauthorized control, disable programs, browse files, record keystrokes, and steal credentials.
Centreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.
Backdoor.Win32.Dumador.c malware suffers from a buffer overflow vulnerability.
Ubuntu Security Notice 6732-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
The scam is spreading across the US and impersonates the specific toll-collection services of each state in malicious SMS messages.
New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in
A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger.