Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-37893: WordPress Coming Soon Chop Chop plugin <= 2.2.4 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin <= 2.2.4 versions.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth
Red Hat Security Advisory 2023-4920-01

Red Hat Security Advisory 2023-4920-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.5 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4924-01

Red Hat Security Advisory 2023-4924-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.5 serves as a replacement for Red Hat Single Sign-On 7.6.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a denial of service vulnerability.

CVE-2023-25044: WordPress Social Share Boost plugin <= 4.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions.

CVE-2023-25042: WordPress oAuth Twitter Feed for Developers plugin <= 2.3.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <= 2.3.0 versions.

CVE-2023-24412: WordPress Image Social Feed Plugin plugin <= 1.7.6 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions.

CVE-2023-40970: [Security Bugs] SQL Injection at loan_rules.php · Issue #205 · slims/slims9_bulian

Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.

CVE-2023-25488: WordPress WP Default Feature Image plugin <= 1.0.1.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions.

A firsthand perspective on the recent LinkedIn account takeover campaign

Categories: News Tags: LinkedIn Tags: sessions Tags: contacts It started with a password reset email in the middle of the night. (Read more...) The post A firsthand perspective on the recent LinkedIn account takeover campaign appeared first on Malwarebytes Labs.