
7705 matches found

CNNVD
added 2022/06/23 12:0 a.m. | 3 views

OneBlog code issue vulnerability

OneBlog is a Java blog. Version v2.3.4 of OneBlog contains a server-side request forgery vulnerability in which the source parameter entryUrls fails to properly validate user input and can be exploited to probe the server's intranet resources...

CVSS 4.3 | AI score 5.6 | EPSS 0.00527
Exploits: 1 | References: 2

CNNVD
added 2022/06/23 12:0 a.m. | 2 views

Jfinal CMS cross-site scripting vulnerability

Jfinal CMS is a Java-based information and consulting website system that uses JFinal as the web framework, beetl as the template engine, MySQL as the database and Bootstrap as the front-end framework. Jfinal CMS v5.1.0 contains a cross-site scripting vulnerability, the...

CVSS 5.4 | AI score 5.6 | EPSS 0.00475
Exploits: 1 | References: 2

Openbugbounty
added 2022/06/22 4:56 p.m. | 11 views

iroirokeiba.blog.fc2.com Cross Site Scripting vulnerability OBB-2666649

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

OSV
added 2022/06/21 12:0 a.m. | 11 views

GHSA-4453-G295-24MH Cross site scripting in Elefant CMS

A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 i...

CVSS 5.4 | AI score 4.4 | EPSS 0.00474
Exploits: 0 | References: 4

GitHub Security Blog
added 2022/06/21 12:0 a.m. | 14 views

Cross site scripting in Elefant CMS

A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 i...

CVSS 5.4 | AI score 5.4 | EPSS 0.00474
Exploits: 0 | References: 4 | Affected Software: 1

OSSF Malicious Packages
added 2022/06/20 9:13 p.m. | 3 views

Malicious code in taxjar-blog (npm)

Source: ghsa-malware f6023826d533e0005bb6eb243f84755034bce33d3f0de3ee904171fd42480858. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

OSV
added 2022/06/20 9:13 p.m. | 13 views

MAL-2022-6422 Malicious code in taxjar-blog (npm)

Source: ghsa-malware f6023826d533e0005bb6eb243f84755034bce33d3f0de3ee904171fd42480858. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2022/06/20 8:22 p.m. | 2 views

Malicious code in eleventy-high-performance-blog (npm)

Source: ghsa-malware 4823110842e58cb338449a76f8f597545384ae9c5015c7acd466f5fcbdf1090e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

OSV
added 2022/06/20 8:22 p.m. | 15 views

MAL-2022-2698 Malicious code in eleventy-high-performance-blog (npm)

Source: ghsa-malware 4823110842e58cb338449a76f8f597545384ae9c5015c7acd466f5fcbdf1090e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1

OSV
added 2022/06/20 5:15 a.m. | 3 views

CVE-2017-20060

A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 i...

CVSS 5.4 | AI score 4.6 | EPSS 0.00474
Exploits: 0 | References: 2

Prion
added 2022/06/20 5:15 a.m. | 9 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 i...

CVSS 3.5 | AI score 5.2 | EPSS 0.00474
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2022/06/20 4:50 a.m. | 4 views

CVE-2017-20060 Elefant CMS Blog Post Persistent cross site scripting

A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 i...

CVSS 3.5 | AI score 5.5 | EPSS 0.00474
Exploits: 0 | References: 2

Cvelist
added 2022/06/20 4:50 a.m. | 15 views

CVE-2017-20060 Elefant CMS Blog Post Persistent cross site scripting

A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 i...

CVSS 3.5 | AI score 5.3 | EPSS 0.00474
Exploits: 0 | References: 2

Packet Storm
added 2022/06/19 12:0 a.m. | 254 views

Marval MSM 14.19.0.12476 Remote Code Execution

Exploit Title: Marval MSM v14.19.0.12476 - Remote Code Execution RCE Authenticated; Date: 27/5/2022; Exploit Author: Momen Eldawakhly Cyber Guy; Vendor Homepage: https://www.marvalnorthamerica.com/; Software Link: https://www.marvalnorthamerica.com/; Version: v14.19.0.12476; Tested on: Windows; Detailed...

AI score 0.2
Exploits: 0

CISA
added 2022/06/16 12:0 a.m. | 15 views

CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case

CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications. TIC use cases provide...

AI score 1.1
Exploits: 0 | References: 3

Akamai Blog
added 2022/06/15 1:0 p.m. | 13 views

Panchan’s Mining Rig: New Golang Peer-to-Peer Botnet Says “Hi!”

Akamai researchers have discovered a new P2P botnet targeting APJ. Read about it here...

AI score 7.1
Exploits: 0

OSV
added 2022/06/13 1:15 p.m. | 2 views

CVE-2022-1793

The Private Files WordPress plugin through 0.40 is missing a CSRF check when disabling the protection, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack and make the blog public...

CVSS 4.3 | AI score 5.8 | EPSS 0.00412
Exploits: 2 | References: 1

ATTACKERKB
added 2022/06/13 1:15 p.m. | 5 views

CVE-2022-1793

The Private Files WordPress plugin through 0.40 is missing a CSRF check when disabling the protection, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack and make the blog public...

CVSS 4.3 | AI score 5.8 | EPSS 0.00412
Exploits: 2 | References: 2

Veracode
added 2022/06/13 8:40 a.m. | 19 views

Cross-Site Scripting (XSS)

intelliants/subrion is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation when editing a blog entry, which allows an attacker to modify the name of the uploaded images and execute arbitrary JavaScript...

CVSS 5.4 | AI score 3 | EPSS 0.00514
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2022/06/13 5:15 a.m. | 2 views

CVE-2022-27174

Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page...

CVSS 4.3 | AI score 5.9 | EPSS 0.00431
Exploits: 0 | References: 3 | Affected Software: 1