3009 matches found
CVE-2023-41156
Usermin 2.001 has a Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab, allowing remote attackers to inject arbitrary script/HTML via the "save to new folder named" field when creating a new filter. Root cause: unsanitized input on that field. Description is corrob...
CVE-2023-41154
The CVE-2023-41154 issue affects Usermin 2.000, describing a Stored Cross‑Site Scripting (XSS) vulnerability in the scheduled cron jobs tab, exploitable via the value field when creating a new environment variable. The connected PT and vulnerability sources confirm this specific vector and provid...
CVE-2023-41158
CVE-2023-41158 describes a Stored XSS in Webmin/Usermin 2.000, specifically in the MIME type programs tab. The vulnerability arises when creating a new MIME type program, where an attacker can inject arbitrary script/HTML via the description field. Impact is web UI XSS; exploitation status is not...
PT-2023-5302 · Unknown · Modulys Gp
Name of the Vulnerable Software and Affected Versions: MODULYS GP MOD3GP-SY-120K (affected versions not specified). Description: The issue exists due to a lack of protection for the web page structure, allowing a remote attacker to perform cross-site scripting (XSS) attacks. This could enable an...
PT-2023-4832 · Imind · Imind
Name of the Vulnerable Software and Affected Versions: iMind (affected versions not specified). Description: The issue is related to the possibility of code or data injection, which could allow a remote attacker to execute arbitrary code with administrative privileges. Recommendations: At the moment...
CVE-2023-40535
CVE-2023-40535 is a stored cross-site scripting vulnerability in the VI Web Client’s View setting page, exploitable by a remote authenticated attacker to inject scripts. Affected product: VI Web Client prior to version 7.9.6. Root cause/impact: arbitrary script execution in a logged-in user’s bro...
The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power
By Trellix · August 12, 2023. This story was also written by Jesse Chick, Philippe Laulheret and Sam Quinn. Summary: In a modern working environment where many employees are working from home or in hybrid office...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to Go [CVE-2023-24539 and CVE-2023-24540]
Summary: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote code injection due to Go CVE-2023-24539 and CVE-2023-24540, with details below. IBM has addressed the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-24539. DESCRIPTION: Go is vulnerabl...
Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway
A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway (ESG) appliances since October 2022. "UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic o...
CVE-2023-3193
Cross-site scripting (XSS) vulnerability CVE-2023-3193 affects Liferay Portal 7.4.3.70–7.4.3.73 and Liferay DXP 7.4 update 70–73, in the Layout module’s SEO configuration. The issue allows remote attackers to inject arbitrary script/HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPor...
Barracuda Urges Immediate Replacement of Hacked ESG Appliances
Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them. "Impacted ESG appliances must be immediately replaced regardless of patch version level," the company sai...
CVE-2023-33731
Reflected Cross-Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the URL directly...
CVE-2023-33731
Microworld Technologies eScan management console (version 14.0.1400.2281) is affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the view dashboard detail feature. The flaw allows an attacker to inject arbitrary script via a URL parameter (DashBoardDetails), with evidence of explo...
CVE-2023-33732
Cross-Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval...
Microworld Technologies eScan Management Console Cross-Site Scripting Vulnerability
MicroWorld Technologies eScan Management Console is an electronic scanning management console from MicroWorld Technologies, Inc. A security vulnerability exists in Microworld Technologies eScan Management Console version 14.0.1400.2281, which stems from a new policy form that allows remote...