Lucene search

7705 matches found

Circl
added 2022/12/05 4:00 a.m., 19 views

CVE-2022-4262

| creationtimestamp | type | source |
|---|---|---|
| 2022-12-05 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=926 |
| 2022-12-05 11:10:43+00:00 | exploited | https://t.me/truesecator/3783 |
| 2022-12-06 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=927 |

2022-12-06...

8.8 CVSS, 7.5 AI score, 0.16109 EPSS
Exploits 2, References 38

Cvelist
added 2022/12/05 12:00 a.m., 24 views

CVE-2022-43504

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7...

5.8 AI score, 0.01404 EPSS
Exploits 0, References 3

Malwarebytes
added 2022/12/04 10:30 p.m., 19 views

Android is slowly mastering memory management vulnerabilities

Recently we wrote about why the NSA wants you to shift to memory safe programming languages. The short version is: If you ever read our posts describing security vulnerabilities, you will see a lot of phrases like "buffer overflow", "failure to release memory", "use after free", "memory...

Exploits 0

Schneier on Security
added 2022/12/02 10:12 p.m., 21 views

Friday Squid Blogging: Legend of the Indiana Oil-Pit Squid

At a GMC plant. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...

1.9 AI score
Exploits 0

CNVD
added 2022/11/30 12:00 a.m., 45 views

Amasty Blog Pro for Magento 2 Cross-Site Scripting Vulnerability

Amasty Blog is a website page extension from Amasty. Magento 2 is an open source PHP e-commerce system. Amasty Blog Pro for Magento 2, in versions before 2.10.5, has a cross-site scripting vulnerability. The vulnerability stems from the fact that the plugin's blog post creation function fails to shortconten...

6.1 CVSS, 6 AI score, 0.00566 EPSS
Exploits 1, References 1

OSV
added 2022/11/29 1:15 p.m., 4 views

CVE-2022-36433

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

6.1 CVSS, 5.8 AI score, 0.00566 EPSS
Exploits 1, References 2

NVD
added 2022/11/29 1:15 p.m., 13 views

CVE-2022-36433

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

6.1 CVSS, 0.00566 EPSS
Exploits 1, References 2

Prion
added 2022/11/29 1:15 p.m., 21 views

Design/Logic Flaw

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

5.8 CVSS, 6.2 AI score, 0.00566 EPSS
Exploits 1, References 2, Affected Software 1

MSRC
added 2022/11/29 8:00 a.m., 7 views

A Ride on the Wild Side with Hacking Heavyweight Sick Codes

Beverage of Choice: Krating Daeng Thai Red Bull; Industry Influencer he Admires: Casey John Ellis; What did you want to be when you grew up? A physician and nearly did; Hobbies Present & Past: Motorcycling & Australian Football; Bucket List: Continuing to discover new software; Fun Fact: He currently...

7.2 AI score
Exploits 0

Vulnrichment
added 2022/11/29 12:00 a.m., 10 views

CVE-2022-36433

The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the shortcontent and fullcontent fields, leading to XSS attacks against admin panel users via posts/preview or posts/save...

6.4 AI score, 0.00566 EPSS
Exploits 1, References 2

CNNVD
added 2022/11/29 12:00 a.m., 4 views

Amasty Blog Cross-Site Scripting Vulnerability

Amasty Blog is a website page extension from Amasty. Magento 2 is an open source PHP e-commerce system. Amasty Blog Pro for Magento 2, in versions before 2.10.5, has a cross-site scripting vulnerability. The vulnerability stems from the fact that the plugin's blog post creation function fails to shortconten...

6.1 CVSS, 5.9 AI score, 0.00566 EPSS
Exploits 1, References 3

CVE
added 2022/11/29 12:00 a.m., 60 views

CVE-2022-36433

The CVE-2022-36433 entry concerns Amasty Blog Pro for Magento 2 (version 2.10.3) where the blog-post creation functionality permits JavaScript injection in the short_content and full_content fields, enabling XSS against admin users via posts/preview or posts/save. Root cause is unfiltered content...

6.1 CVSS, 6.2 AI score, 0.00566 EPSS
Exploits 1, References 2, Affected Software 1

Veracode
added 2022/11/28 8:49 a.m., 19 views

Stored Cross-site Scripting (XSS)

pyrocms/pyrocms is vulnerable to stored cross-site scripting (XSS). The library allows a low privileged user to inject a malicious JavaScript payload in a blog post, which then gets executed when the affected blog post is loaded in the victim's browser...

9 CVSS, 8.3 AI score, 0.00705 EPSS
Exploits 0, References 2, Affected Software 1

OSV
added 2022/11/25 6:30 p.m., 17 views

GHSA-CM7F-HF2G-GHRP PyroCMS vulnerable to stored Cross Site Scripting

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation...

9 CVSS, 8.5 AI score, 0.00705 EPSS
Exploits 0, References 3

GitHub Security Blog
added 2022/11/25 6:30 p.m., 21 views

PyroCMS vulnerable to stored Cross Site Scripting

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation...

9 CVSS, 8.1 AI score, 0.00705 EPSS
Exploits 0, References 3, Affected Software 1

NVD
added 2022/11/25 5:15 p.m., 13 views

CVE-2022-37721

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation...

9 CVSS, 0.00705 EPSS
Exploits 0, References 2

OSV
added 2022/11/25 5:15 p.m., 38 views

CVE-2022-37721

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation...

9 CVSS, 8.7 AI score, 0.00705 EPSS
Exploits 0, References 2

Prion
added 2022/11/25 5:15 p.m., 22 views

Cross site scripting

PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation...

6 CVSS, 8.6 AI score, 0.00705 EPSS
Exploits 0, References 2, Affected Software 1

OSV
added 2022/11/25 4:15 p.m., 1 views

CVE-2022-37720

Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user, such as an author or publisher, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is load...

9 CVSS, 5.8 AI score, 0.00964 EPSS
Exploits 1, References 3

Cvelist
added 2022/11/25 12:00 a.m., 15 views

CVE-2022-37720

Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user, such as an author or publisher, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is load...

9 AI score, 0.00964 EPSS
Exploits 1, References 3