CVE-2025-69231

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety assessment form allows authenticated users with clinician privileges to inject malicious JavaScript tha...

CVE-2025-69231 OpenEMR has a Stored XSS in GAD-7 Form that Enables Session Hijacking and Privilege Escalation

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety assessment form allows authenticated users with clinician privileges to inject malicious JavaScript tha...

A week in security (March 17 – March 23)

Last week on Malwarebytes Labs: What Google Chrome knows about you, with Carey Parker Lock and Code S06E06 Personal data revealed in released JFK files Semrush impersonation scam hits Google Ads Targeted spyware and why it’s a concern to us The "free money" trap: How scammers exploit financial...

The “free money” trap: How scammers exploit financial anxiety

With financial stress at an all-time high, and many Americans grappling with confusion about social security, Medicaid, and Medicare, people are desperately seeking relief. Scammers know this all too well and have tailored their tactics to exploit these fears, preying on vulnerable individuals wi...

Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome

Welcome to this week's edition of the Threat Source newsletter. Hello again my friends! Geez, it's been a year am I right? Lemons its February you say?! Oof. Imposter syndrome. You've heard the term I'm sure, but what is it? Basically: imposter syndrome is the persistent feeling of self-doubt and...

centerforanxietydisorders.com Cross Site Scripting vulnerability OBB-3365219

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Coronavirus Sets the Stage for Hacking Mayhem

As more people work from home and anxiety mounts, expect cyberattacks of all sorts to take advantage...

Any Account Registration and Any Password Reset Vulnerabilities Exist in Anxiety Companion App

Anxious companion APP is a companion O2O service platform. There are arbitrary account registration and arbitrary password reset vulnerabilities in Anxin escort APP. Attackers can register any account and reset any password by capturing the verification code...

Anxiety & Depression Symptoms - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Anxiety & Depression Symptoms published at the 'play' market has multiple vulnerabilities...

Stop Anxiety With Acupressure. - Customized SSL, MIT license vulnerabilities

HackApp vulnerability scanner discovered that application Stop Anxiety With Acupressure. published at the 'play' market has multiple vulnerabilities...

Twitter State-Sponsored Attack Notification

Twitter’s decision to notify users when their accounts are targeted in state-sponsored attacks earned its share of praise. But Twitter’s silence in terms of specifics about the attacks—whether by choice or gagged by a National Security Letter—has foisted some anxiety upon those who were notified....

anxiety-panic.com XSS vulnerability

Vulnerable URL: http://www.anxiety-panic.com/SEARCH.CFM?FIELDNAMES=CAT7,KEYWORDS&CAT7;=ON=" Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 13:41 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 8080721 Google...

Chip and PIN EMV Protocol security vulnerabilities found

Chip-and-PIN payment cards are coming to the United States after a long head start as a standard card-present payment method in Europe and Asia. Already, retailer Target accelerated its plan to move its branded debit and credit cards to chip-and-PIN, also known as EMV Europay, MasterCard and Visa...

OpenCSP Multiple Remote File Include Vulnerability

No description provided by source. @================================================================================================================================================@ + Location : notepad + Situs : wwwdotmanadocodingdotnet + Contact : engelpemulaatgmaildotcom + Download Script :...

ClearSite 4.50 (cs_base_path) Remote File Inclusion Vulnerability

No description provided by source. Network Management/Inventory System header.php Remote File Include Vulnerability ----------------------------------------------------------------------------------...