NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution
Exploit Title: NorthStar C2 agent RCE via stored XSS Date: 2024-03-11 Exploit Author: @chebuya Software Link: https://github.com/EnginDemirbilek/NorthStarC2 Version: v1.0 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-28741 Description: NorthStar C2 applies insufficient sanitization on agent...
PT-2024-21789 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions 3.1.x through 3.1.9 and earlier a-blog cms versions 3.0.x through 3.0.30 and earlier a-blog cms versions 2.11.x through 2.11.59 and earlier a-blog cms versions 2.10.x through 2.10.51 and earlier a-blog cms version 2.9 and...
Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over
Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data...
a-blog cms security breach
a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms. An attacker can exploit the vulnerability to obtain arbitrary files on the server, including password files...
JVN#48443978: a-blog cms vulnerable to directory traversal
a-blog cms provided by appleple Inc. is a content management system (CMS). a-blog cms contains a directory traversal vulnerability (CWE-22). Impact: A user with editor or higher privilege who can log in to the product may obtain arbitrary files on the server including password files. Solution: Update t...
Qualys Updates Login Page to Improve User Experience and Highlight Latest Qualys News
With an eye to updating the overall user experience (UI), continuing to fortify security, and keeping you informed of the latest Qualys news, we're optimizing our login at the end of May 2024. This UI overhaul of sorts aims not only to refresh the aesthetic appeal but also to integrate robust...
BIT-MOODLE-2023-23922 Moodle: reflected xss risk in blog search
The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw...
How to Turn Off Facebook’s Two-Factor Authentication Change
With Meta’s updated 2FA process, the company now automatically trusts devices you often use...
BoidCMS 2.0.1 Cross Site Scripting
Exploit Title: Multiple XSS Issues in boidcmsv2.0.1 Date: 3/2024 Exploit Author: Andrey Stoykov Version: 2.0.1 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com XSS via SVG File Upload Steps to Reproduce: 1. Login with admin user 2. Visit "Media" page 3. Upload xss.svg 4. Click "View"...
CVE-2024-27558
Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the settings...
Cross site scripting
Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the settings...
Push vs. Pull-Based Architecture in GitOps
...
CVE-2024-27517
Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability. Attackers can create blogs containing malicious code after gaining blog permissions...
Cross site scripting
Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability. Attackers can create blogs containing malicious code after gaining blog permissions...
PT-2024-21927 · Webasyst · Webasyst
Name of the Vulnerable Software and Affected Versions: Webasyst version 2.9.9 Description: The issue allows attackers to create blogs containing malicious code after gaining blog permissions, which can lead to a Cross-Site Scripting (XSS) attack. Recommendations: For Webasyst version 2.9.9, conside...
CVE-2024-27517
CVE-2024-27517 affects Webasyst 2.9.9 with a Cross-Site Scripting (XSS) vulnerability that allows attackers to insert malicious code in blogs after gaining blog permissions. Root cause details are not explicitly provided in the sources; impact is described as enabling creation of blogs containing...