881 matches found
CVE-2023-3196 Multiple vulnerabilities in Canopsis of Capensis
This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel...
CVE-2023-32790
Cross-Site Scripting (XSS) vulnerability in NXLog Manager version 5.6.5633. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter...
CVE-2023-32671
A stored XSS vulnerability has been found in BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious JavaScript payload via a POST request when sending an invitation...
CVE-2023-32670
Cross-Site Scripting vulnerability in BuddyBoss version 2.2.9, which could allow a local attacker with basic privileges to execute a malicious payload through the "name=image.jpg" parameter, assigning a persistent JavaScript payload that would be triggered when the associated image is...
Cross site scripting
Cross-Site Scripting vulnerability in BuddyBoss version 2.2.9, which could allow a local attacker with basic privileges to execute a malicious payload through the "name=image.jpg" parameter, assigning a persistent JavaScript payload that would be triggered when the associated image is...
Cross site scripting
Cross-Site Scripting (XSS) vulnerability in NXLog Manager version 5.6.5633. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter...
CVE-2023-32671 BuddyBoss XSS vulnerability
A stored XSS vulnerability has been found in BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious JavaScript payload via a POST request when sending an invitation...
CVE-2023-32671
The CVE-2023-32671 entry describes a stored XSS vulnerability in BuddyBoss Platform (version 2.2.9). The flaw allows an attacker to store a malicious JavaScript payload via a POST request when sending an invitation. Public documents confirm this as a stored XSS issue affecting BuddyBoss Platform ...
CVE-2023-32670 BuddyBoss XSS vulnerability
Cross-Site Scripting vulnerability in BuddyBoss version 2.2.9, which could allow a local attacker with basic privileges to execute a malicious payload through the "name=image.jpg" parameter, assigning a persistent JavaScript payload that would be triggered when the associated image is...
TikTok: Reflected XSS On [https://www-useast1a.tiktok.com/ug/incentive/share/hd]
A reflected cross-site scripting vulnerability was found in a TikTok endpoint. User-supplied data was reflected without appropriate escaping, allowing JavaScript injection...
CVE-2023-41103
Interact 7.9.79.5 allows stored Cross-Site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload...
Interact Cross-Site Scripting Vulnerability
Interact is a telecommuting software from Interact. A security vulnerability exists in Interact version 7.9.79.5. An attacker could exploit the vulnerability to store a JavaScript payload to perform a cross-site scripting attack...
PT-2023-29616 · Capensis +1 · Canopsis
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel. Recommendations: A...
PT-2023-23545 · Capensis +1 · Canopsis
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the...
CVE-2023-34412
CVE-2023-34412 affects Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200/250 devices with firmware
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks
An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called...
CVE-2020-27449
Cross-Site Scripting (XSS) vulnerability in the Query Report feature of Zoho ManageEngine Password Manager Pro version 11001 allows remote attackers to execute arbitrary code and steal cookies via a crafted JavaScript payload...