Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update

The Migration Toolkit for Containers MTC 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years

An "aggressive" advanced persistent threat APT group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attack...

Android apps with millions of downloads exposed to high-severity vulnerabilities

Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote albeit complex or local attacks. The vulnerabilities, which affected apps...

CVE-2022-26725

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector...

CVE-2022-29408

Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...

CVE-2022-29408

Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...

Cross site scripting

Persistent Cross-Site Scripting XSS vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin = 1.8.7 at WordPress...

CVE-2022-29408

The CVE-2022-29408 entry concerns Vsourz Digital’s WordPress plugin Advanced Contact form 7 DB (<= 1.8.7). Connected sources confirm a persistent (stored) Cross-Site Scripting (XSS) vulnerability, caused by insufficient sanitization/escaping of a parameter in the plugin’s form handling, enabli...

Moodle Persistent Cross-site Scripting (XSS)

Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users Teacher and above to inject JavaScript into the session of another user e.g., enrolled student or site administrator via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...

GHSA-JXJC-6XMH-H7MG Magento 2 Community Edition XSS Vulnerability

Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This...

GHSA-FXF3-WX3C-76PF Shopware vulnerable to Cross-site Scripting

In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...

Shopware vulnerable to Cross-site Scripting

In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...

GHSA-F99H-H678-FGG4 Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet

In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will...

CVE-2022-29432

Multiple Authenticated administrator or higher user role Persistent Cross-Site Scripting XSS vulnerabilities in TMS-Plugins wpDataTables plugin = 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...

Cross site scripting

Multiple Authenticated administrator or higher user role Persistent Cross-Site Scripting XSS vulnerabilities in TMS-Plugins wpDataTables plugin = 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...

CVE-2022-29432

CVE-2022-29432 covers multiple authenticated persistent XSS vulnerabilities in the WordPress plugin wpDataTables (versions

CVE-2022-29430 WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability in KubiQ's PNG to JPG plugin = 4.0 at WordPress via Cross-Site Request Forgery CSRF. Vulnerable parameter &jpgquality...

CVE-2022-29880

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the...

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Most advanced persistent threat groups APTs use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. Security researchers at the University ...

Malicious code in pco_api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9c8289fc4eb78d3e66ed76818f5f799edc0dbee5bebe64774a03a2c3148158b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...