7703 matches found
CVE-2024-32531 WordPress GuCherry Blog theme <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Everest themes GuCherry Blog allows Reflected XSS. This issue affects GuCherry Blog: from n/a through 1.1.8...
CVE-2024-32545
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Canva Canva – Design beautiful blog graphics allows Reflected XSS. This issue affects Canva – Design beautiful blog graphics: from n/a through 1.2.4...
WordPress Plugin GuCherry Blog Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
PT-2024-24651
Name of the Vulnerable Software and Affected Versions: GuCherry Blog versions 1.1.8 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This means an attacker can inject malicious scripts...
X.com Automatically Changing Link Text but Not URLs
Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with "twitter.com," and (2) it only changed the link's appearance (anchor text), not the underlying URL. So if you were a clever...
WordPress GuCherry Blog theme <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Theme GuCherry Blog (versions <= 1.1.8)...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 Compromise Checker A very simple bash script to...
WordPress GuCherry Blog Theme <= 1.1.8 is vulnerable to Cross Site Scripting (XSS)
Software: GuCherry Blog; Type: Theme; Vulnerable versions: <= 1.1.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32531; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: c448376e7385; Credits: stealthcopter; Required privilege...
Space Force Is Planning a Military Exercise in Orbit
Two satellites will engage in a “realistic threat response scenario” when Victus Haze gets underway...
Friday Squid Blogging: The Awfulness of Squid Fishing Boats
It's a pretty awful story. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
HTMLy Version v2.9.6 - Stored XSS
Exploit Title: HTMLy Version v2.9.6 - Stored XSS; Exploit Author: tmrswrr; Vendor Homepage: https://www.htmly.com/; Version 3.10.8.21; Date: 04/08/2024. 1) Login admin https://127.0.0.1/HTMLy/admin/config 2) General Setting Blog title " 3) After save it you will be see XSS alert...
In Memoriam: Ross Anderson, 1956–2024
Last week, I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here's the longer version. EDITED TO ADD (4/11): Two weeks before he passed away, Ross gave an 80-minute interview where he told his life story...
a-blog cms Security Vulnerability
a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms that stems from vulnerability to server-side request forgery attacks...
a-blog cms Security Vulnerability
a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms versions before Ver.3.1.12, before Ver.3.0.32, before Ver.2.11.61, and before Ver.2.10.53, which originates from a vulnerability that could allow an attacker to log in to the product and obtain...
a-blog cms Security Vulnerability
a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms versions before Ver.3.1.12, before Ver.3.0.32, before Ver.2.11.61, and before Ver.2.10.53, which originated from a vulnerability that allows an attacker to log in to the product and execute...
a-blog cms Security Vulnerability
a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms that stems from vulnerability to stored cross-site scripting attacks...
HTMLy 2.9.6 Cross Site Scripting
Exploit Title: HTMLy Version: 2.9.6 - Stored XSS; Exploit Author: tmrswrr; Vendor Homepage: https://www.htmly.com/; Version 3.10.8.21; Date: 04/08/2024. 1) Login admin https://127.0.0.1/HTMLy/admin/config 2) General Setting Blog title " 3) After save it you will be see xss alert...
vancouverimmigrationblog.com Cross Site Scripting vulnerability OBB-3906176
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The Sustainability Team Is Listening. Here’s What We Heard.
...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 XZ Backdoor Tools This repository contains to...