A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information.

%PDF-1.5 %���� 50 0 obj << /Length 2590 /Filter /FlateDecode >> stream xڵZms�H��\_��CU�1� ��/^�Iy/N|����d? ;T�ŷ���g¤�W�X00=O�L��#ޓx��~\]������D+���$R��&���r�}�i�I�j6ga�/�ծ�ͩ���/;t���V��wC\_glݙ~W�ݪ�������ٟ��ή�g�9�(��IBN����󟁷�g�y�:�͛OHN��p�y���N��#��"A��dF��P�EZ��r�E� $5�\*rZ\\���7� Q) eS�$�t�vK� �/Mo\*9e)M��o6�Vl��P��|�����CB6E�&��z�1I�@vU�X���r�}�0$����Ѩ�Q�ּ���k��P�B�� 8���<q¥�� ы�O3��,O��k�af8�CPAq��F�M�D�H�1=P�P==�|8?9����DDD�q��\_t��&�:���A�I�#E���!$6 > �Q��&N��R\`�6�W�\[�d4���#����˓U\]�<\*\`t��k�0�P��0�'Dh�t8��A��h�-��,1����W�����:!������Y����m}���� T�H0���)��ȝS � ���qU�9۵�%CJ\_�u�+�$w?͢�O� V�ٰ!����\`pާ��N�� �W��U�(ƪ(�?���BI����)<�=�\[���e�\\�x���������t ZH$ċO����f/�=t��͵���%P�����\\�P�MٞS�g��oq�Β��Ķ2����I}D�Ȭ�Mr(<��)H�G \*DXSSf�aS�QZ�V�.\[\[��YV��gw����T��ĽQ&��v���:^aT~�?v�.�W�Fl�.6q�nwY�H��j�3&}7��/�J���N��Ht��O�ǋ?��e�%yf���ѝ���eY��ֹaG�޹��\\�2�j�a�U�=����C�$�ual�3j���j��D>Z����Xf��{GB�+5��eD4����p↺�}{}�����Le��2tL %a����+ ,���GaH�:���1R?^=\\.h�S�i\*h9�O,��pT�B�s���a�OO�7p���@�Ga�f��������1;�1Ou��\_Zk��"j��&D /���eAq��z������ ���28�}�\['�L��V��ظ������@w���8���W�l}gl�{���?�D��1�5c"�G�w{0 $��S ��Ct-r�l�ujӁ��4��� ���ᧅ�2 t������d�7/=,�a�\_1��/�Q�B ��)����ǿ܂׽9�h�:l�"�\*���t� �Ls���w���Q����Bo(sm�����28"E��45�����e#i����ou��ޜ�ob{�gyV���UbX��8��8����9\\l�(�y�\[������Bb��)����> (�@�EF���cE C)�H�z�f�U8��,6�q�2f�R�^@���#��7 M��.\_W�tv,�ɭ|4L� ��ar�Y�7��m��dX�'����H��P�������E�F��(����2��WC�IA+Mq�/)�\\,�"b\_R�aW�A�D#l�I�Ѯt�p���Q��6�ۛ�ͻ��|�L��>��n�����۫/'��釤������r�4�5B��s�?��j��̄��F�Q���e��kk�F�F\\۫ծ��{-݃���\`�vkby�1�6��V&@i�|�4I���^RCJ�5\*Psc�/@/�o}�� �\\r�G�vU�ubﲗW\\·nݽT<�fm��?f�G=� #1H{F9��˼kx��wCf� �);Qз�n̪���} S\]eoS��n�2^Iϟ�,� ��0�6����\_ٮ%���O�ac����4��b�p�H ���wI��ܓ��W��@6�H3��VH���ד-���w���/���\`�>��XH��\]�(�����@\_\\\_>��,�J�\*xtv�B�4�)!�EҴ��חoo��D�y-۲֡ =tB������~l?��a��Ca��6���\_\`���{53�ȟ2��\]��HB�s\[u����ϓ�y����!r'��Y��֏�4'k��6������d�9�������b�4q�X�\*�oq�V������19���͏�Qga��D�X��C�1퐙'6S 4,~8}m�����'9��)��T�bG{:Y7�0��V7�ž,b)|��3�: �𤷤c���t��N��{��=���\`�i�8|�<�l~g\`�5�M����B� S��=��/��l6ͳ"^�9�J9����x~~�I��Y=� � �ʡ����Cg�\[ ������:({��R��nx�G�Pd�C��cuÝI��{��{k\[��L6PKA�\]���>��I����p�\`�N�K̡v�O�����b3�s"5��0����;&e�H짵�)�x�#��&�U>�P)�y��o��氙C���$G#���G��3�t�'/��f7ʸ�U!~rAA�̎�����vQ� endstream endobj 66 0 obj << /Length 2596 /Filter /FlateDecode >> stream xڥY\[o�F~���R �(�Ë��IU8�W�\],������-%�"e7�~�3g�#�Z,�X䙙s�s��y�x����OJt7 ��3}�D��a'JW��3�u~w&���E���Q�Lt�^u{B9y��A��k^�Jϱ�Ǯ�y�;~�\*g�^���=��1���zz���C^GlPn$E'�\_���יa�׎��$��N�����3��ׅg���EbE\*t�S�T��� b�ṉ��\]���a�j����W��b?pU�O2�ņ�.�� e�>�H�2�O1O��(����z2�ۯ�}���/DFn������,��n4t��i^�c���Bg5���qՅ��(�.����Iw�뒁�����Jg:���ѼG����~��,Y�c����Jӆ�������BԠ�N\[d\_�I"Y�t6�&�����<��^��\].�h\]���/��K���3~�Ǝ^d�u�u�h���A�\[ �� �:eq� u�Y��� �g�x���z=|݌��>\`�\*v�$:��Q��+�g�H���I�2�}�7��d�i4tD��6�oU�d�o���鋦k�����%q�Ǽ0A��Y�VU����,�s�D����)<�QkZ��Sfg�"p�t�$���֕�:Xw�c(�y�0���\*+m�5�������ɪbv� \]�� w�vd�������S��y�1@�њ1>�z�xƟ/p򥮗�e�����U��BVU햫�~�ZU}{�C3�.�<�0�ؒ���;���\\ g�i�\`���+Z����C�� ��U\]����nm5j��\]<B��\`-����0\`?��t��\`P>\_�Y�PC��&�4��Oy�l.1l�0N����H��o�T/庘1$W�����ůP\*ד!�#��5��yy�I}�������-���+����ȫ~7x���=S5�. ��7>������XP��ɓ��?�a��x=���F�aR����a��z=�@�;��!m�x=���|N��^��{3M���"�������S�h�e�Dy��1���~� ؗ1l�� +x#t��BW���'�c�������\_��.�m��9\]<��gK������^i��|�؄�w�E� \\4Yr�cRb��ֳp���-�a�Վ���듵�n��ިi|�;f�F�����d�\_{�߽�f�%���mi��֗��\_��T,\\\_�Koc�\*1�Bh(<�#��h~�S?j��0<�6Q�яis��GES� m�wJuM��1�KPF�?���Ar(�K4�Y(�c�N�@�b2�\])��=���^�j�U�P�S��������P�6�q'��BϘ�n��ֻ1�";tq\_\`���P����^��NEYڈ\[!����ܢ���@���:/�(ҥdl�0�M�0d�:ܾ��=��7AWz^� �u�f���\]U�y\`��v5;O�r\]������붂�j\[��7�"J�N��Q��>�4�MU�O�lki�?�NlkZ(U�C767ʑ�\`9Ӄ�p�u j�Ao\]��˯x��˛���GM.����\_�#�����?���폇��}�nsE�Hx~�#�LpI5Q��6vc:�#Z#9��V<8� � c���hPs�v�����jD%���PD��A��G��Q�~�(���'� b�/������\[�/�G�V�SS��

CVE-2022-45936

Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "{schedule_job}" or "args" parameter in /resque/delayed/jobs/{schedule_job}?args={args_id} to execute javascript at client side.

**Exploit Author:** TrungVM of VietSunshine Cyber Security Services

**Affected Version(s):** Resque Scheduler version 1.27.4

**Description:** Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting (XSS). A remote attacker could inject javascript code to the "**{schedule\_job}**" or "**args**" parameter in _/resque/delayed/jobs/{schedule\_job}?args={args\_id}_ to execute javascript at client side.

**Steps to reproduce:** An attacker sends a draft URL _https://{IP\]/resque/delayed/jobs/{schedule\_job}?args={args\_id}_ to a victim. When an authenticated victim opens a URL, XSS will be triggered.

*   **Ex1:** _https://{IP\]/resque/delayed/jobs/%3Csvg%20onload=alert(document.domain)_
    

*   **Ex2:** _https://{IP/resque/delayed/jobs/EventEmailSalesTeamBefore48hrsJob?args=\[%2249213%3Cimg+src=x+onerror=alert(document.domain)%3E%22\]_

CVE-2022-44303: Resque 1.27.4 - Multiple Reflected XSS in Resque Schedule Job

AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.

Permalink

Cannot retrieve contributors at this time

**add\_post\_post\_content**

AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add\_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.

**Step to Reproduct**

*   Login to admin panel -> Posts -> Add Posts -> Post Content -> inject payload <img/src/onerror=prompt(1)> -> The XSS will trigger when clicked Publish Post button

**Exploit**

Bypass escaping needs to be submitted using the Burp Suite

Click the View Post for the new submission

CVE-2022-46058: CVE/add_post_post_content.md at master · rdyx0/CVE

A vulnerability was found in ipti br.tag. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.13.0 is able to address this issue. The name of the patch is 7e311be22d3a0a1b53e61cb987ba13d681d85f06. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215431.

@@ -1,4 +1,4 @@ $('#save\_button').click(function() { $('#save\_button').click(function() { $('#quiz-form').submit(); });  
@@ -9,10 +9,10 @@ $('#delete\_button').click(function() { var action \= 'index.php?' + (url.indexOf("update") \== \-1 ? url.replace('create','delete') : url.replace('update','delete')); $('#quiz-form').attr('action', action); $('#quiz-form').submit(); } } });  
$('#save\_group\_button').click(function() { $('#save\_group\_button').click(function() { $('#group-form').submit(); });  
@@ -23,10 +23,10 @@ $('#delete\_group\_button').click(function() { var action \= 'index.php?' + (url.indexOf("update") \== \-1 ? url.replace('create','delete') : url.replace('update','delete')); $('#group-form').attr('action', action); $('#group-form').submit(); } } });  
$('#save\_question\_group\_button').click(function() { $('#save\_question\_group\_button').click(function() { $('#questiongroup-form').submit(); });  
@@ -37,11 +37,11 @@ $('#delete\_question\_group\_button').click(function() { var action \= 'index.php?' + (url.indexOf("update") \== \-1 ? url.replace('create','delete') : url.replace('update','delete')); $('#questiongroup-form').attr('action', action); $('#questiongroup-form').submit(); } } });  
  
$('#save\_question\_button').click(function() { $('#save\_question\_button').click(function() { $('#question-form').submit(); });  
@@ -52,10 +52,10 @@ $('#delete\_question\_button').click(function() { var action \= 'index.php?' + (url.indexOf("update") \== \-1 ? url.replace('create','delete') : url.replace('update','delete')); $('#question-form').attr('action', action); $('#question-form').submit(); } } });  
$('#save\_answer\_button').click(function() { $('#save\_answer\_button').click(function() { $('#answer-form').submit(); });  
@@ -80,6 +80,9 @@ var Option = function(){ contentType: "application/json; charset=utf-8" }) .done(function(data){ data \= JSON.stringify(data); data \= DOMPurify.sanitize(data); data \= JSON.parse(data); if(typeof data.errorCode != 'undefined' && data.errorCode \== '0'){ var element \= $('<tr></tr>') .attr({'option-id': data.id, 'option-description': data.description, 'option-answer': data.answer, 'option-complement': data.complement}) @@ -109,6 +112,9 @@ var Option = function(){ contentType: "application/json; charset=utf-8" }) .done(function(data){ data \= JSON.stringify(data); data \= DOMPurify.sanitize(data); data \= JSON.parse(data); if(typeof data.errorCode != 'undefined' && data.errorCode \== '0'){ var elementActive \= container.find('tr\[option-id="'+data.id+'"\]'); var element \= $('<tr></tr>') @@ -235,12 +241,12 @@ var Option = function(){ else if(type \== 'radio'){ var partialUid \= uid.substring(0,(uid.length \-1)); var elementChecked \= $('input\[id^="'+partialUid+'"\]:checked');  
if(isChecked){ $('div\[id^="'+partialUid+'"\]').each(function(){ $(this).hide(); });  
$('input\[id^="'+partialUid+'"\]').each(function(){ if($(this).attr('type') \== 'text') $(this).prop('disabled',true); @@ -286,6 +292,9 @@ var QuizQuestion = function(){ contentType: "application/json; charset=utf-8" }) .done(function(data){ data \= JSON.stringify(data); data \= DOMPurify.sanitize(data); data \= JSON.parse(data); if(typeof data.errorCode != 'undefined' && data.errorCode \== '0'){ var element \= $('<tr></tr>') .attr({'key': data.quizId + '' + data.questionId, 'quiz-id': data.quizId, 'question-id': data.questionId, 'question-description': data.description})

CVE-2022-4444: Resolvido issues do XSS · ipti/br.tag@7e311be

Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to steal user tokens and achieve a full account takeover including access to administrative tools in SAP Commerce.

CVE-2022-41266

Red Hat Security Advisory 2022-8915-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Certificate System 9.7 security update  
Advisory ID:       RHSA-2022:8915-01  
Product:           Red Hat Certificate System  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8915  
Issue date:        2022-12-12  
CVE Names:         CVE-2022-2414  
====================================================================  
1. Summary:

An update is now available for Red Hat Certificate System 9.7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7 - noarch, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages  
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: access to external entities when parsing XML can lead to XXE  
(CVE-2022-2414)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Update RHCS version of CA, KRA, OCSP, and TKS so that it can be  
identified using a browser  [RHCS 9.7.z BU 19] (BZ#2136537)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

6. Package List:

Red Hat Certificate System 9.7 for Red Hat Enterprise Server 7:

Source:  
pki-core-10.5.18-24.el7pki.src.rpm  
redhat-pki-theme-10.5.18-16.el7pki.src.rpm

noarch:  
pki-ocsp-10.5.18-24.el7pki.noarch.rpm  
pki-tks-10.5.18-24.el7pki.noarch.rpm  
redhat-pki-console-theme-10.5.18-16.el7pki.noarch.rpm  
redhat-pki-server-theme-10.5.18-16.el7pki.noarch.rpm

x86_64:  
pki-core-debuginfo-10.5.18-24.el7pki.x86_64.rpm  
pki-tps-10.5.18-24.el7pki.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2414  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5esbtzjgjWX9erEAQjepw/7BtC0SysEd8Pdpp3aQgfcJLV7FrT7Ltch  
k1O0InehoPNEy56vDLF/PvfjnDpSIwjjWkxrMKE9d3yBTImVNNf3K8DZ0WRqB6o4  
ohMVFPlS1pJ50wtEP5taqH+OX60WVnv9prcZbjr4Elk+cDU32I5lXK6zFwJA7o/f  
svdQrpiTe3wDmjHmROdvmbksRoptfWyR7Cv/yOAJevs4wxMySRZiNr7ECqfYDypX  
8gSK0PZPsk0i/hy4hOh6Hfu6teTZ6fpruI+cS4XqK2sfMgvEvXuzDCAwkyJfDgGy  
kwUfzbtvY/5+bkD7XX7NOqUMVLfXIeiKNiEiQPLbBz9Anl5SwBH70ZINcEjUNTPE  
VgaZVyjVQ2z7CHT9BVuixogKiDRRQYgNXZHfvqI+bSecEcOcHN2TNf7bFh6yVOYk  
w661AW8eYS7qK6E+T0rSPetVPyeT6xNquJTyZQ1gS6euohES8lN4xQArW7zkNHIf  
23SuVDxvnkR/MJ83dmVH2yl6DfnHfI9QJD8B3gPaN1iKHT9Ql5BXSqwxfO+Qdnde  
+Tol4VlOOCJGlvSmBAoKi6U44fHAnx8uwhu6DLk5wG3mBkqaIAwdjjLF9b7z7cQj  
SoUQvkoWmsopfZIrDpKQC6tLo7cw9w44xRf05PSwIsuXSsBRs2gWBngTrb8Tcqj9  
2HlQHjaC+Xcl+u  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8915-01

Sophos research unveiled at Black Hat Europe details a thriving subeconomy of fraud on the cybercrime underground, aimed at Dark Web forum users.

Cybercriminals are often seen as parasites, feeding off a wide swath of victims of every size and stripe. But as it turns out, they've become targets in their own right, with a host of bottom-feeding "metaparasites" flocking to Dark Web marketplaces to find their own set of marks.

It's a phenomenon that has the happy side effect of exposing a rich vein of threat intelligence to researchers, including contact and location details of cybercriminals.

Sophos senior threat researcher Matt Wixey took to the stage at Black Hat Europe 2022 to discuss the metaparasite ecosystem, in a session entitled "Scammers Who Scam Scammers, Hackers Who Hack Hackers." According to research he did with fellow researcher Angela Gunn, the underground economy is riddled with a wide variety of fraudsters, who successfully extract millions of dollars per year from their fellow cybercriminals.

The pair examined 12 months of data across three Dark Web forums (Russian-speaking Exploit and XSS, and English-speaking Breach Forums), and uncovered thousands of successful scam efforts.

"It's pretty rich pickings," Wixey said. "Scammers scammed users of these forums out of about $2.5 million US dollars over the course of 12 months. The amounts per scam can be as little as $2 on up to the low six figures."

    

Source: Sophos

The tactics vary, but one of the most common — and the most crude — is a gambit known as the "rip and run." This refers to one of two "rip" variants: A buyer receives goods (an exploit, sensitive data, valid credentials, credit-card numbers, etc.) but doesn't pay for them; or, a seller is paid and never delivers what's been promised. The "run" portion refers to the scammer disappearing from the marketplace and refusing to answer any enquiries. Consider it a Dark Web version of the dine-and-dash.

There are also plenty of scammers hawking fake goods — such as nonexistent crypto accounts, macro builders that build nothing nefarious, fake data, or databases that are either already publicly available or have previously been leaked.

Some of these can get creative, Wixey explained.

"We found a service claiming to be able to bind an .EXE text to a PDF, so that when the victim clicked on the PDF, it would load while in the background, the .EXE would run silently," he said. "What the scammer actually did was just sent them back a document with a PDF icon, which wasn't actually a PDF nor did it contain an .EXE. They were hoping that the buyer didn't really know what they're asking for or how to check it."

Also common are scams where a seller offers legitimate goods that aren't quite of the quality that has been advertised — like credit card data claiming to be 30% valid, when in reality only 10% of the cards work. Or the databases are real but being advertised as "exclusive" while the seller is actually reselling them to multiple takers.

In some cases, fraudsters work in tandem in more of a long-con fashion, he added. Sites tend to be exclusive, which foments "a degree of intrinsic trust" that they can play upon, according to Wixey.

"One will build a rapport with a target and offer to provide a service; they'll then say that they actually know someone else who can do this work much better, who's an expert on the subject," Wixey explained. "They will often point them to a fake forum that a second person works and operates, which requires some sort of deposit or registration fee. The victim pays the registration fee, and then both scammers just disappear."

**How Forums Fight Back**

The activity has an adverse effect on the use of Dark Web forums — acting as an "effective tax on criminal marketplaces, making it more expensive and more dangerous for everyone else," Wixey noted. As such, ironically, many markets are implementing security measures to help curb the tide of fraud.

Forums face several challenges when it comes to putting in safeguards: There's no recourse to law enforcement or regulatory authorities for one; and it's a semianonymous culture, making it difficult to track culprits. So, the anti-fraud controls that have been put in place tend to focus on tracking the activity and issuing warnings.

For instance, some sites offer plug-ins that will check a URL to make sure it links to a verified cybercrime forum, not a fake site where users are defrauded via a bogus "joining fee." Others might run a "blacklist" of confirmed scammer tools and user names. And most have a dedicated arbitration process, where users can file a scam report.

"If you've been scammed by another user on the forum, you go to one of these arbitration rooms and you start a new thread and you supply some information," according to Wixey. That may consist of the username and contact details of the alleged scammer, proof of purchase or wallet transfer details, and as many details of the scam — including screenshots and chat logs — as possible.

"A moderator reviews the report, they ask for more information as it's needed, and they will then tag the accused person and give them somewhere between 12 and 72 hours to respond, depending on the forum," Wixey said. "The accused might make restitution, but that's pretty rare. What more commonly happens is that the scammer will dispute the report and claim it's due to a misunderstanding of the terms of the sale."

Some just don't respond, and in that case, they're either temporarily or permanently banned.

Another security option for forum users is the use of a guarantor — a site-verified resource that acts as an escrow account. The money to be exchanged is parked there until the goods or services are confirmed as being legitimate. However, guarantors themselves are often impersonated by fraudsters.

**A Treasure Trove of Threat Intelligence**

While the research offers a view into the inner workings of an interesting subsliver of the Dark Web world, Wixey also noted that the arbitration process in particular gives researchers a fantastic source of threat intelligence.

"Forums demand proof when a scam is alleged, and that includes things like screenshots and chat logs — and victims are typically only too happy to oblige," he explained. "A minority of them redact that evidence or restrict it, so it's only visible to a moderator, but most don't. They will post unredacted screenshots and chat logs, which often contain a treasure trove of cryptocurrency addresses, transaction IDs, email addresses, IP addresses, victim names, source code, and other information. And that's in contrast to most other areas of criminal marketplaces where OpSec is normally pretty good."

Some scam reports also include full screenshots of a person's desktop, including date, time, the weather, the language, and the applications — offering breadcrumbs to location.

In other words, normal precautions go out the window. A Sophos analysis of the most recent 250 scam reports on the three forums found that almost 40% of them included some kind of screenshot; only 8% restricted access to evidence or offered to submit it privately.

"In general, scam reports can be useful both for technical intelligence and for strategic intelligence," Wixey concluded.

"The big takeaway here is that threat actors don't seem to be immune to deception, social engineering or fraud," he added. "In fact, they seem to be as vulnerable as anyone else. Which is kind of interesting because these are exactly the kinds of techniques that they're using against other users."

Metaparasites & the Dark Web: Scammers Turn on Their Own

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.

CVE-2022-46906

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.

CVE-2022-46905

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS.

Tag

#xss