Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

TEM Opera Plus FM Family Transmitter 35.45 XSRF

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Zero Science Lab
Open in Source
#xss#csrf#vulnerability#web
9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution

Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.

Winter Vivern APT Blasts Webmail Zero-Day Bug With One-Click Exploit

A campaign targeting European governmental organizations and a think tank shows consistency from the low-profile threat group, which has ties to Belarus and Russia.

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known

APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities

By Waqas ESET Research Uncovers New Targeted Campaign Impacting European Governments and Think Tanks. This is a post from HackRead.com Read the original post: APT Winter Vivern Exploits New Roundcube 0-Day to Target European Entities

WordPress LiteSpeed Cache 5.6 Cross Site Scripting

WordPress LiteSpeed Cache plugin versions 5.6 and below suffer from a persistent cross site scripting vulnerability.

GHSA-4qv6-37xq-mgq2: Concrete CMS Cross-site Scripting vulnerability

Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics.

CVE-2023-46059: vulnerabilities/geeklog/reflected_XSS_in_editservice.md at main · CrownZTX/vulnerabilities

Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component.

CVE-2023-46058: vulnerabilities/geeklog/Stored_XSS_in_group.php.md at main · CrownZTX/vulnerabilities

Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component.

CVE-2023-43358: GitHub - sromanhu/CVE-2023-43358-CMSmadesimple-Stored-XSS---News: Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.