Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2021-4234: Access Server Release Notes | OpenVPN

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#ios#android#mac#windows#google#microsoft#amazon#ubuntu#linux#debian#red_hat#dos#redis#js#git#oracle#c++#perl#ldap#aws#bios#auth#ssh#ibm#sap#ssl
CVE-2015-3172: Security Patch by yewang · Pull Request #26 · jkk/eidogo

EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.

Red Hat Security Advisory 2022-5498-01

Red Hat Security Advisory 2022-5498-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, buffer overflow, bypass, code execution, cross site scripting, denial of service, heap overflow, information leakage, privilege escalation, remote shell upload, remote SQL injection, and traversal vulnerabilities.

EQS Integrity Line Cross Site Scripting / Information Disclosure

EQS Integrity Line versions through 2022-07-01 suffer from cross site scripting and sensitive information disclosure vulnerabilities.

Magnolia CMS 6.2.19 Cross Site Scripting

Magnolia CMS versions 6.2.19 and below suffer from a persistent cross site scripting vulnerability.

CVE-2021-31678: GitHub - RO6OTXX/pescms_vulnerability

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company.

Vulnerability Management news and publications #1

Hello everyone! In this episode, I will try to revive Security News with a focus on Vulnerability Management. On the one hand, creating such reviews requires free time, which could be spent more wisely, for example, on open source projects or original research. On the other hand, there are arguments in favor of news reviews. […]

The End of False Positives for Web and API Security Scanning?

July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps.  Today, ImmuniWeb

CVE-2022-35229: [ZBX-21306] Reflected XSS in discovery page of Zabbix Frontend [CVE-2022-35229]

An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

CVE-2022-35230: [ZBX-21305] Reflected XSS in graphs page of Zabbix Frontend [CVE-2022-35230]

An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.