#xss

Categories: Threat Intelligence Tags: darkgate Tags: autoit Tags: malvertising Tags: seo poisoning The new version of the DarkGate malware is currently actively being distributed via malspam, malicious ads and SEO poisoning. (Read more...) The post DarkGate reloaded via malvertising and SEO poisoning campaigns appeared first on Malwarebytes Labs.

An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.

Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.

Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request.

A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi

Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.

A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.

Dolibarr version 17.0.1 suffers from a persistent cross site scripting vulnerability.

PHPJabbers Business Directory Script version 3.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

FOG Forum version 0.8 suffers from a cross site scripting vulnerability.