93 matches found
PT-2025-37744
Name of the Vulnerable Software and Affected Versions: color-string version 2.1.1 Description: The npm publishing account for color-string was compromised following a phishing attack. Version 2.1.1 was published with a malicious payload designed to redirect cryptocurrency transactions within...
CVE-2025-2443
An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
CVE-2025-46887
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโs browser when they brow...
CVE-2025-47033 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโs browser when they brow...
CVE-2024-13378
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โstylesettingsโ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-45740
Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...
CVE-2025-30314
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโs browser when they browse to the page containing t...
CVE-2024-52992 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโs browser when they browse to the page...
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03)
This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. You know, the ones they use in spy movies? ๐ต๏ธโโ๏ธ We're talking password-stealing bots, sneaky extensions that spy on you,...
CVE-2024-45489
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however because of misconfigured Firebase ACLs, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and...
NetCat CMS ๅฎๅ จๆผๆด
NetCat CMS is a content management system from NetCat, Inc. A security vulnerability previously existed in NetCat CMS version 6.4.0.24248. An attacker could exploit the vulnerability to execute JavaScript code in a user's browser when the user visits a specific path on the site...
CVE-2023-48492
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
A New Security Category Addresses Web-borne Threats
In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Ye...
The Definitive Browser Security Checklist
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it ...
TrickBot Malware Using New Techniques to Evade Web Injection Attacks
The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep...
Cybozu Garoon ่ทจ็ซ่ๆฌๆผๆด
A cross-site scripting vulnerability exists in Scheduler in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...
gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services
A flaw was found in gupnp. DNS rebinding can occur when a victim's browser is used by a remote web server to trigger actions against local UPnP services including data exfiltration, data tempering, and other exploits. The highest threat from this vulnerability is to data confidentiality and...
Vulnerability fixed in Dell iDRAC
Dell has fixed a vulnerability in iDrac. A malicious person could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. iDRAC is a management environment. I...