PT-2023-17089 · Datagear · Datagear
Name of the Vulnerable Software and Affected Versions: DataGear versions up to 1.11.1 Description: A vulnerability was found in the Graph Dataset Handler component, leading to cross-site scripting. The attack can be initiated remotely. The issue affects some unknown processing of this component...
New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches
2022 was the year when inflation hit world economies, except in one corner of the global marketplace – stolen data. Ransomware payments fell by over 40% in 2022 compared to 2021. More organisations chose not to pay ransom demands, according to findings by blockchain firm Chainalysis. Nonetheless,...
CVE-2023-28607
js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip...
CVE-2023-28606
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips...
Design/Logic Flaw
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips...
PT-2023-21842 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.169 Description: The issue allows for XSS via event-graph node tooltips in the js/event-graph.js file. Recommendations: For versions prior to 2.4.169, update to version 2.4.169 or later to resolve the issue...
CVE-2023-28606
The CVE-2023-28606 issue affects MISP and stems from the js/event-graph.js component, where tooltips in the event-graph node UI can be exploited to perform XSS. Affected versions are MISP before 2.4.169; remediation is to upgrade to version 2.4.169 or later. The connected sources confirm the vuln...
CVE-2023-28607
CVE-2023-28607 affects the MISP project. The issue is a cross-site scripting (XSS) vulnerability in the JavaScript file js/event-graph.js (in MISP) that is exploitable via the event-graph relationship tooltip. Affected versions are MISP prior to 2.4.169; upgrading to 2.4.169 or later is recommend...
PT-2023-21562 · Silverstripe · Silverstripe/Graphql
Name of the Vulnerable Software and Affected Versions: silverstripe/graphql versions 4.1.1 through 4.2.2 Description: The issue allows an attacker to execute a denial of service attack against a website with a publicly exposed GraphQL endpoint using a specially crafted GraphQL query. This mostly...
PT-2023-11830 · Unknown · Artesãos Seotools
Name of the Vulnerable Software and Affected Versions: Artesãos SEOTools versions up to 0.17.1 Description: A problematic issue was found in Artesãos SEOTools, affecting the makeTag function of the file OpenGraph.php. The manipulation of the value argument leads to open redirect. Recommendations:...
Storage xss vulnerability exists in simple graph beds
Description: Storage xss vulnerability exists in simple graph beds. By constructing a malicious svg code that directs the administrator to click, the cookie is stolen. Proof of Concept: Make the svg file as follows alertdocument.cookie; You can steal administrator cookies. No login required to upload...
DRUPAL-CONTRIB-2023-007
Thunder is a Drupal distribution for professional publishing. The thunder distribution ships the thunder_gqls module which provides a graphql interface. The module doesn't sufficiently check access when serving user data via graphql leading to an access bypass vulnerability potentially exposing...
OESA-2023-1131 glibc security update
The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...
Tracgram - Use Instagram Location Features To Track An Account
Trackgram: Use Instagram location features to track an account. Usage: At this moment the usage of Trackgram is extremely simple: 1. Download this repository 2. Go through the installation steps 3. Change the parameters in the tracgram main method directly: + Mandatory: - NICKNAME: your username on...
OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies...
GHSA-G57G-RVPG-2F2C OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting
Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies...
Opennms Group OpenNMS Cross-Site Scripting Vulnerability
Opennms Group OpenNMS is an open source, enterprise-class network monitoring and network management platform from Opennms Group, Inc. A security vulnerability exists in Opennms Group OpenNMS Meridian, Horizon, which stems from a cross-site scripting XSS vulnerability in graph results that can be...