Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

Savsoft Quiz 6.0 Enterprise Cross Site Scripting

Savsoft Quiz version 6.0 Enterprise suffers from a persistent cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#web#windows#apple#linux#php#auth#chrome#webkit
SPA-CART CMS 1.9.0.3 Cross Site Scripting

SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.

GHSA-3jcv-5f9p-2f2p: Cross-site Scripting in electron-pdf

electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

GHSA-p3rv-qj56-2fqx: Cross-site Scripting in Pyhtml2pdf

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.

Russian Hackers Hit Mail Servers in Europe for Political and Military Intel

By Deeba Ahmed Email servers compromised in 80 organizations as Russian-linked TAG-70 group targets European governments. This is a post from HackRead.com Read the original post: Russian Hackers Hit Mail Servers in Europe for Political and Military Intel

InstantCMS 2.16.1 Cross Site Scripting

InstantCMS version 2.16.1 suffers from a persistent cross site scripting vulnerability that appears to require administrative access.

WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution

WonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution.

GHSA-5jjq-8cvj-v6m9: Cross-site Scripting in Serenity

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.

Russian-Linked Hackers Breach 80+ Organizations via Roundcube Flaws

Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations. These entities are primarily located in Georgia, Poland, and Ukraine, according to Recorded Future, which attributed the intrusion set to a threat

GHSA-w4hv-vmv9-hgcr: GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`

# GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219` The [GitHub Security Lab](https://securitylab.github.com) team has identified potential security vulnerabilities in [scrypted](https://github.com/koush/scrypted). We are committed to working with you to help resolve these issues. In this report you will find everything you need to effectively coordinate a resolution of these issues with the GHSL team. If at any point you have concerns or questions about this process, please do not hesitate to reach out to us at `[email protected]` (please include `GHSL-2023-218` or `GHSL-2023-219` as a reference). See also [this blog post](https://github.blog/2022-04-22-removing-the-stigma-of-a-cve/) written by GitHub's Advisory Curation team which explains what CVEs and advisories are, why they are important to track vulnerabilities and keep downstream users informed, the CVE assigning process, and how they are used to keep open source software secure...