8227 matches found
CVE-2022-23801
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in commedia...
Shopizer Cross-Site Scripting Vulnerability
Shopizer is a Java-based open source e-commerce solution from the Shopizer team. A cross-site scripting vulnerability exists in Shopizer versions v2.0.2 through v2.17.0, which allows an attacker to upload SVG files containing malicious JavaScript code via the "Manage Images" tab...
CVE-2022-27658
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks...
WordPress plugin Drag and Drop Multiple File Upload Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports hosting personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Drag and Drop Multiple File Upload plugi...
[SECURITY] Fedora 36 Update: osgearth-3.2-7.fc36
osgEarth is a C++ terrain rendering SDK. Just create a simple XML file, point it at your imagery, elevation, and vector data, load it into your favorite OpenSceneGraph application, and go! osgEarth supports all kinds of data and comes with lots of examples to help you get up and running quickly a...
[SECURITY] Fedora 36 Update: eigen3-3.4.0-5.fc36
A lightweight C++ template library for vector and matrix math...
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
Purple Fox is an old threat that has been making waves since 2018. This most recent investigation covers Purple Fox’s new arrival vector and early access loaders. Users’ machines seem to be targeted with malicious payloads masquerading as legitimate application installers...
CVE-2022-25571
CVE-2022-25571 concerns Bluedon Information Security Technologies Co., Ltd. Internet Access Detector v1.0. The vulnerability is described as an information leak that allows attackers to access the contents of the password file via unspecified vectors. Documented impact notes refer to confidential...
Bluedon Internet Access Detector Information Disclosure Vulnerability
Bluedon Internet Access Detector is an Internet Access Detector from Bluedon China. A security vulnerability exists in Bluedon Internet Access Detector v1.0, which can be exploited by an attacker to access the contents of a password file via an unspecified vector...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Netcool Performance Manager
Summary: Apache-Log4j - CVE-2021-4104, Apache-Log4j - CVE-2022-23302, Apache-Log4j - CVE-2022-23305, Apache-Log4j - CVE-2022-23307. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected Products| Versions ---|--- TNPM|...
MISP Cross-Site Scripting Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.156, which stems from the u...
CVE-2022-23059
A Stored Cross-Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload an SVG file containing malicious JavaScript code...
How Web Applications Are Attacked Through APIs
Happy Pi Day, everyone! As a technician, pi is a number that represents a constant. This constant reflects the ongoing cyberthreats that put enterprise assets at continuous risk as digital transformation and the resultant attack surface grow in parallel. Whether it’s a simple identity theft hack...
Mozilla: Use-after-free in text reflows
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash...
IBM Spectrum Protect Operations Center Cross-Site Request Forgery Vulnerability
IBM Spectrum Protect Operations Center is a software from IBM USA that provides visual control of the IBM Spectrum Protect environment. IBM Spectrum Protect Operations Center is vulnerable to cross-site request forgery, which could be exploited by an attacker to vulnerability to enter a link to a...
Sylius Cross-Site Scripting Vulnerability
Sylius is an open source e-commerce platform. Sylius suffers from a cross-site scripting vulnerability that could be exploited by attackers to upload SVG files containing XSS code in the administration panel to obtain user cookies and construct phishing attacks...
Zenario CMS Cross-Site Scripting Vulnerability
Zenario CMS is an open source web-based content management system from Zenario. A security vulnerability exists in Zenario CMS version 9.0.54156: uploading .SVG files is vulnerable to cross-site scripting. An attacker can send a...
WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue affects versions 5.9.0 and 5.9.1 and allow...