CVE-2021-40106
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field...
Cross site scripting
CVE-2021-40106
Concrete CMS before 8.5.6 is affected by an unauthenticated stored XSS in blog comments via the website field. The root cause is insufficient sanitization/handling of user input in the website field for blog comments. Impact is described as stored XSS with potential client-side code execution; ex...
Friday Squid Blogging: Person in Squid Suit Takes Dog for a Walk
No, I don't understand it, either. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Autodiscovering the Great Leak
See the most recent research from Amit Serper on a vulnerability in Autodiscover from Microsoft Outlook that affects credential leaks...
The iOS 15 Privacy Settings You Should Change Right Now
Apple’s latest software update has a bunch of new security features. Here's how to put them to use...
New Mac malware masquerades as iTerm2, Remote Desktop and other apps
Last week, security researcher Patrick Wardle released details of a new piece of malware masquerading as the legitimate app iTerm2. The malware was discovered earlier the same day by security researcher Zhi @CodeColorist on Twitter, and detailed on a Chinese-language blog. For those who don't spea...
CVE-2021-24636
The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce CSRF checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link...
CVE-2021-24636
The vulnerability CVE-2021-24636 affects the Print My Blog WordPress Plugin prior to version 3.4.2. The root cause is missing nonce (CSRF) checks, enabling a CSRF attack that can trick a logged-in administrator into deactivating the plugin and deleting all saved data for that plugin by opening a ...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...
WP Import Export Lite < 3.9.5 - Subscriber+ Arbitrary Blog Options Update
The plugin does not have any CSRF or authorisation checks in the wpieextsaveextensiondata AJAX action, nor does it perform any validation on the option to be updated. As a result, any authenticated user, such as a subscriber, or an unauthenticated attacker via CSRF, could update any of the blog...
How to Protect and Support a Remote Workforce
By Owais Sultan If you felt as though you could be doing more to support your own remote workforce, here are some tips and pointers you might want to consider. This is a post from HackRead.com Read the original post: How to Protect and Support a Remote Workforce...
Integrate Serverless Security for Runtime Apps
Serverless solutions are prone to a high degree of application attacks. Learn how to build runtime application self-protection with vulnerability visibility and mitigation capabilities for your serverless applications...
The vulnerability of the Fantastic Blog CMS content management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the Fantastic Blog CMS content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the search.php script...
CVE-2021-32202
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page...
CVE-2021-32202
CS-Cart 4.11.1 is affected by a cross-site scripting (XSS) vulnerability that can be triggered by manipulating the blog post description field during post creation. The root cause, as described in CNNVD, is insufficient validation/escaping of user input in the post description, enabling copy-past...
CS-Cart Cross-Site Scripting Vulnerability
CS-Cart is an e-commerce platform, formerly open source, developed in PHP. A cross-site scripting vulnerability exists in CS-Cart version 4.11.1, which stems from the lack of effective validation and escaping of user input in the post description on the blog post creation page in the software,...