GHSA-XFMJ-R86M-J2HR Stored cross site scripting on API integration
Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter...
CVE-2023-28477
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3, are vulnerable to stored XSS on API Integrations via the name parameter...
Design/Logic Flaw
Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3, are vulnerable to stored XSS on API Integrations via the name parameter...
PT-2023-21747 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS (previously concrete5) versions 8.5.12 and below; Concrete CMS (previously concrete5) versions 9.0 through 9.1.3. Description: The issue concerns stored XSS on API Integrations via the name parameter. This allows for potential...
CVE-2023-28477
Concrete CMS (formerly concrete5) versions 8.5.12 and earlier, and 9.0–9.1.3, are vulnerable to stored XSS on API Integrations via the name parameter. Root cause: input sanitization gap in API integration handling. Exploitation would involve injecting malicious script through the name parameter w...
CVE-2023-1282
The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and the Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the...
CVE-2023-1282
The CVE-2023-1282 entry affects the WordPress plugins “Drag and Drop Multiple File Upload PRO – Contact Form 7 Standard” (before 2.11.1) and “Drag and Drop Multiple File Upload PRO – Contact Form 7 with Remote Storage Integrations” (before 5.0.6.4). Root cause: both plugins do not sanitize/escape...
ChatGPT Security: OpenAI's Bug Bounty Program Offers Up to $20,000 Prizes
OpenAI, the company behind the massively popular ChatGPT AI chatbot, has launched a bug bounty program in an attempt to ensure its systems are "safe and secure." To that end, it has partnered with the crowdsourced security platform Bugcrowd for independent researchers to report vulnerabilities...
Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.4 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. PoC Visit the following path on the site as an admin user:...
Atlassian Jira Service Desk 4.7.1 < 4.10.0 Cross-Site Scripting In API and Integrations
According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is version 4.7.x prior to 4.10.0. It is, therefore, affected by a flaw which may permit a remote attacker to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS)...
Atlassian Jira Service Desk 4.8.1 < 4.12.0 Information Disclosure In API and Integrations
According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is version 4.8.x prior to 4.12.0. It is, therefore, affected by a flaw which may permit a remote attacker authenticated as a non-administrator user to view Project Request-Types a...
Amplifying Power to Customer Through Ecosystem Integrations
Transformation to a SaaS-based cybersecurity vendor...
Virtuozzo Hybrid Infrastructure 5.4 (5.4.0-133)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover compute services, management node high availability, monitoring and alerts, and the user interface. Additionally, this release delivers stability improvements and addresses issues found in previous...
Introducing Enterprise TruRisk Management from Qualys
Since the release of Qualys VMDR 2.0 with TruRisk last year, our customers have quickly adopted it to perform cyber risk assessments across the entire enterprise. With detail-rich cyber risk visualization, customers can now pinpoint the areas of their business exposed to elevated levels of cyber...
Spring Modulith 0.3 released
Hot on the heels of Spring Boot 3.0.2, I am excited to announce the 0.3 release of Spring Modulith. The release is packed with improvements. We have tweaked a couple of things that might require your attention, and a couple of changes will require adapting your code. The most notable changes are: GH-114 – W...
Hackers Breach Okta's GitHub Repositories, Steal Source Code
Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. "There is no impact to any customers, including any HIPAA, FedRAMP, or DoD customers," the company sa...
Security Bulletin: IBM Tivoli Netcool/OMNIbus Probe and Integrations Library are affected by vulnerabilities in FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
Summary FasterXML jackson-databind is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library and Probe for Microsoft Exchange Web Services. The latest patches include FasterXML jackson-databind 2.13.4.2 that fixes the vulnerabilities. CVE-2022-42004, CVE-2022-42003...