3 matches found
CVE-2024-20385
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device. This vulnerability exists because the Cisco NDO Validate Peer Certificate site management feature...
Automattic: Akismet Several CSRF vulnerabilities
Summary: Akismet is vulnerable to CSRF, allowing an attacker to cancel accounts of victims, add sites, remove subscriptions, etc. Steps to reproduce (account cancelation): 1. Log in to your Akismet account, which has a subscription activated. 2. The following POST request will...
PHPLinks 2.1.2 - Add Site HTML Injection
source: https://www.securityfocus.com/bid/6632/info phpLinks is prone to HTML injection. phpLinks does not sufficiently sanitize HTML and script code supplied via form fields before displaying this data to administrative users. This issue exists in the...