367 matches found
PT-2024-40266 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal (affected versions not specified). Description: The issue is related to an access bypass in Drupal's content moderation system. Under certain conditions, it fails to properly check a user's access to use specific transitions...
PT-2024-40185 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal (affected versions not specified). Description: The issue is related to an access bypass in Drupal content moderation. In certain conditions, it fails to check a user's access to use specific transitions. Recommendations: At the moment,...
Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09
This week on the Lock and Code podcast… Our Lock and Code host, David Ruiz, has a bit of an apology to make: “Sorry for all the depressing episodes.” When the Lock and Code podcast explored online harassment and abuse this year, our guest provided several guidelines and tips for individuals to lo...
CVE-2024-2864
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation. This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5...
CVE-2024-2864 WordPress Youzify - Buddypress Moderation plugin <= 1.2.5 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation. This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5...
WordPress Youzify Buddypress Moderation Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Youzify Buddypress Moderation; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2864; Patch priority: High; CVSS severity: High (7.3); PSID: 8372e235157d; Credits: Esteban Segura Ripoll...
PT-2024-22501 · Unknown · Youzify - Buddypress Moderation
Name of the Vulnerable Software and Affected Versions: Youzify - Buddypress Moderation, versions 1.2.5 and earlier. Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting'. This allows for a remote attack...
WordPress Plugin BuddyPress Moderation Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin BuddyPress...
Ten Ways AI Will Change Democracy
Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet. Democracy, and the systems of governance that surround it, will be no exception. In this short essay, I want to move beyond the "AI-generated disinformation" trope and speculate on some...
How Telegram Became a Terrifying Weapon in the Israel-Hamas War
Hamas posted gruesome images and videos that were designed to go viral. Sources argue that Telegram’s lax moderation ensured they were seen around the world...
DRUPAL-CONTRIB-2023-047
This module enables notifications to be sent to all users of a particular role, or to the content's author when a piece of content is transitioned from one state to another via core's content_moderation module. The module doesn't sufficiently check access to content when sending notifications. Th...
Content Moderation Notifications - Moderately critical - Information disclosure - SA-CONTRIB-2023-047
This module enables notifications to be sent to all users of a particular role, or to the content's author when a piece of content is transitioned from one state to another via core's content_moderation module. The module doesn't sufficiently check access to content when sending notifications. Thi...
DRUPAL-CONTRIB-2023-039
This module aims to prevent broken content references by informing content editors either on delete or archive moderation. The module provides an "orphaned content" report for broken references, which may reveal titles of unpublished content...
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
Description: The plugin does not have proper checks in place during registration, allowing anyone to register on the site as an instructor. They can then add courses and/or posts. 1. Visit the Profiles Settings page for the plugin: MS LMS LMS Settings Profiles 2. Ensure that "Disable Instructor...
YouTube makes sweeping changes to tackle spam on Shorts videos
YouTube is rolling out unclickable links. Video portals like YouTube have had to deal with spam comments and bogus links for many years. With new additions to a platform come new places for scammers to go about their business. YouTube is now cracking down on links posted to the comments section o...
WordPress BuddyForms Moderation ( Former: Review Logic ) Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms Moderation (Former: Review Logic); Type: Plugin; Vulnerable versions: <= 1.4.7; Fixed in: 1.4.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); PSID: 8604cd24c7fb; Credits: Rafie...
Inside 4chan’s Top-Secret Moderation Machine
Internal company documents reveal how the imageboard’s chaotic moderation allowed racism and violence to take over...
Two Supreme Court cases could change the Internet as we know it
The Supreme Court is about to reconsider Section 230, a law that's been the foundation of the way we have used the Internet for decades. The court will be handling a few cases that at first glance are about online platforms' liability for hosting accounts from foreign terrorists. But at a deeper...
CVE-2023-22455 Discourse vulnerable to Cross-site Scripting through tag descriptions
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, tag descriptions, which can be updated by moderators, can be used for cross-site scripting attacks. This vulnerability can lead to a full...