7734 matches found

CNVD
added 2020/11/02 12:0 a.m. | 4 views

BaserCMS Cross-Site Scripting Vulnerability (CNVD-2020-60477)

BaserCMS is an open source enterprise-level content management system (CMS). A cross-site scripting vulnerability exists in versions of baserCMS prior to 4.4.1. An attacker can exploit this vulnerability by entering a specially crafted nickname in a blog comment to execute arbitrary JavaScript...

CVSS 8.7 | AI score 6.5 | EPSS 0.0099
Exploits: 0 | References: 1

Debian CVE
added 2020/10/31 12:59 a.m. | 29 views

CVE-2020-28037

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution as well as a denial of service for the old installation...

CVSS 9.8 | AI score 9.3 | EPSS 0.0774
Exploits: 0

OSV
added 2020/10/30 7:15 p.m. | 13 views

CVE-2020-15276

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1...

CVSS 8.7 | AI score 8.4
Exploits: 0 | References: 3

NVD
added 2020/10/30 7:15 p.m. | 8 views

CVE-2020-15276

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1...

CVSS 8.7 | AI score 7.6 | EPSS 0.0099
Exploits: 0 | References: 3

Prion
added 2020/10/30 7:15 p.m. | 11 views

Cross site scripting

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1...

CVSS 3.5 | AI score 8.2 | EPSS 0.0099
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2020/10/30 7:10 p.m. | 30 views

Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting (XSS). Impact: XSS via Arbitrary script execution. Components are: Blog comment posting. Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...

CVSS 8.7 | AI score 2.2 | EPSS 0.0099
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2020/10/30 7:10 p.m. | 15 views

GHSA-FW5Q-J9P4-3VXG Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting (XSS). Impact: XSS via Arbitrary script execution. Components are: Blog comment posting. Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...

CVSS 7.7 | AI score 8.2 | EPSS 0.0099
Exploits: 0 | References: 4

CVE
added 2020/10/30 6:55 p.m. | 42 views

CVE-2020-15276

CVE-2020-15276 affects baserCMS prior to version 4.4.1. The vulnerability is a Cross-Site Scripting issue in the blog comment component, where entering a crafted nickname in blog comments can cause arbitrary JavaScript execution. The issue is resolved in version 4.4.1. Affected software: baserCMS...

CVSS 8.7 | AI score 7.9 | EPSS 0.0099
Exploits: 0 | References: 3 | Affected Software: 1

Openbugbounty
added 2020/10/26 12:30 p.m. | 5 views

blog-espritdesign.com Improper Access Control vulnerability OBB-1451449

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0

Openbugbounty
added 2020/10/23 4:7 p.m. | 7 views

blog.nistru-prut.info Cross Site Scripting vulnerability OBB-1440692

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits: 0

Microsoft Malware Protection
added 2020/10/15 6:0 p.m. | 19 views

Announcing the Zero Trust Deployment Center

Organizations have been digitally transforming at warp speed in response to the way businesses operate and how people work. As a result, digital security teams have been under immense pressure to ensure their environments are resilient and secure. Many have turned to a Zero Trust security model t...

Exploits: 0

Talos Blog
added 2020/10/15 11:0 a.m. | 28 views

Threat Source newsletter (Oct. 15, 2020)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In our latest entry into our election security series, we’re turning our attention to the professionals who are responsible for securing our elections. After months of research, we’ve compiled a series of recommendations for local,...

AI score 0.5
Exploits: 0

Wired Threat Level
added 2020/10/14 5:50 p.m. | 30 views

A Trickbot Assault Shows US Military Hackers' Growing Reach

Despite the operation's short-term effects, it sets new precedents for the scope of Cyber Command's mission...

AI score 4.3
Exploits: 0

CNVD
added 2020/10/13 12:0 a.m. | 5 views

MonoCMS Blog Information Disclosure Vulnerability

Mono is a free and open source project hosted by Xamarin (previously Novell, first Ximian). A security vulnerability exists in version 1.0 of MonoCMS Blog, which stems from storing a hard-coded administrative hash in the log.xml file in the source file of MonoCMS Blog, with hash type bcrypt and has...

CVSS 7.5 | AI score 6.9 | EPSS 0.01609
Exploits: 4 | References: 1

NVD
added 2020/10/07 12:15 p.m. | 24 views

CVE-2020-25985

MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted)...

CVSS 8.1 | EPSS 0.01696
Exploits: 1 | References: 2

OSV
added 2020/10/07 12:15 p.m. | 4 views

CVE-2020-25985

MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted)...

CVSS 8.1 | AI score 5.8 | EPSS 0.01696
Exploits: 1 | References: 2

Cvelist
added 2020/10/07 11:25 a.m. | 19 views

CVE-2020-25985

MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on and off the webserver (php files can be unlinked and not deleted)...

AI score 8.1 | EPSS 0.01696
Exploits: 1 | References: 2

CVE
added 2020/10/07 11:25 a.m. | 38 views

CVE-2020-25985

CVE-2020-25985 affects MonoCMS Blog 1.0. The vulnerability is described as Arbitrary File Deletion: any authenticated user can delete files on and off the webserver, with PHP files potentially unlinked rather than deleted. The connected documents confirm this as the concrete issue, but do not pro...

CVSS 8.1 | AI score 7.9 | EPSS 0.01696
Exploits: 1 | References: 2 | Affected Software: 1

Schneier on Security
added 2020/10/07 11:5 a.m. | 21 views

New Privacy Features in iOS 14

A good rundown...

AI score 3.6
Exploits: 0

OSV
added 2020/10/06 1:15 p.m. | 3 views

CVE-2020-25986

A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user...

CVSS 6.5 | AI score 6.6 | EPSS 0.00562
Exploits: 3 | References: 2