Tag
#xss
An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC. "The initial lure being utilized by the threat actors remains the same: an email bomb followed by an attempt to call impacted users and offer a fake solution,"
Kortex version 1.0 suffers from an insecure direct object reference vulnerability.
WordPress MapFig Studio plugin versions 0.2.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
Debian Linux Security Advisory 5743-2 - Multiple cross-site scripting vulnerabilities were discovered in RoundCube webmail.
WordPress Profilepro plugin versions 1.3 and below suffer from a persistent cross site scripting vulnerability.
WordPress PVN Auth Popup plugin version 1.0.0 suffers from a persistent cross site scripting vulnerability.
**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?** The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.
**How could an attacker exploit this vulnerability?** A cross-site scripting vulnerability existed in virtual public IP address that impacted related endpoints. For more information on the impacted virtual public IP address, see here: What is IP address 168.63.129.16? | Microsoft Learn. An unauthenticated attacker could exploit this vulnerability by getting the victim to load malicious code into their web browser on the virtual machine, allowing the attacker to leverage an implicit identity of the virtual machine. The victim's web browser then would determine which host endpoints are accessible.
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject malicious code into fields due to insufficient input validation.