
134 matches found

Imperva Blog
added 2021/11/03 1:25 p.m., 12 views

Holiday Shopping Season is Upon Us: The State of Security Within eCommerce in 2021

The eCommerce industry has gone through years' worth of changes in a matter of just a couple of months as the global pandemic emerged back in March of 2020. These changes have led to skyrocketing growth for the industry, with sales predicted to hit $4.921 trillion by the end of this year. And...

6.9 AI score
Exploits: 0
Huntr
added 2021/10/13 6:35 a.m., 9 views

in jspark311/buriedunderthenoisefloor

Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. https://github.com/jspark311/BuriedUnderTheNoiseFloor/ is vulnerable to remo...

0.1 AI score
Exploits: 0, References: 2
Huntr
added 2021/10/05 4:5 a.m., 11 views

in yeswiki/yeswiki

Description Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker to inject JavaScript code via SVG...

0.5 AI score
Exploits: 0, References: 2
Imperva Blog
added 2021/08/17 4:0 p.m., 71 views

Brace yourselves: Holiday shopping season is coming

The E-commerce market has seen tremendous revenue growth during the pandemic. Along with that good news for E-business, there has been an increase in fraudulent activities online that may cost retailers over $20 billion in losses by the end of 2021. According to eMarketer, worldwide retail...

7 AI score
Exploits: 0
Hacker One
added 2021/07/15 11:55 p.m., 68 views

Glovo: Reflected XSS on delivery.glovoapp.com

Summary: Hi, there's a reflected XSS vulnerability present on the https://delivery.glovoapp.com/referrals/ endpoint. Steps To Reproduce: Opening the following URL should trigger the prompt window specified in the request parameters, indicating that arbitrary JavaScript can be injected into the...

6.3 AI score
Exploits: 0
Imperva Blog
added 2021/05/13 2:47 p.m., 38 views

JavaScript Fraud: More Than Just Magecart and Skimming

The global pandemic has driven a sharp rise in online traffic that provides fertile ground for attackers to execute a growing number of more sophisticated client-side attacks. For example, Magecart-style attacks are used to steal sensitive information by skimming data either through a first-party...

7.2 AI score
Exploits: 0
Exploit DB
added 2021/05/06 12:0 a.m., 187 views

Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload

Title: Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload Author: h4shur date: 2021-05-06 Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/wp-super-edit/ Version : 2.5.4 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Dor...

7 AI score
Exploits: 0
0day.today
added 2021/05/06 12:0 a.m., 41 views

Wordpress WP Super Edit 2.5.4 Plugin - Remote File Upload Vulnerability

Title: Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload Author: h4shur Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/wp-super-edit/ Version : 2.5.4 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Dork :...

0.4 AI score
Exploits: 0
Hacker One
added 2021/05/05 11:9 a.m., 18 views

U.S. Dept Of Defense: [www.███] Reflected Cross-Site Scripting

Description: Good morning, there's a reflected cross-site scripting vulnerability on https://www.██████████/█████ There was some difficulty in making a payload for this vulnerability, mainly due to the WAF blocking some vectors; but exploitation is still possible. Here's a proof of concept showing...

0.7 AI score
Exploits: 0
NVD
added 2021/04/08 4:15 a.m., 16 views

CVE-2021-1420

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

4.7 CVSS, 0.00925 EPSS
Exploits: 0, References: 1
Prion
added 2021/04/08 4:15 a.m., 22 views

Design/Logic Flaw

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

4.3 CVSS, 4.8 AI score, 0.00925 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2021/04/08 4:6 a.m., 14 views

CVE-2021-1420 Cisco Webex Meetings HTML Injection Vulnerability

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

4.7 CVSS, 6.7 AI score, 0.00925 EPSS
Exploits: 0, References: 1
Cvelist
added 2021/04/08 4:6 a.m., 25 views

CVE-2021-1420 Cisco Webex Meetings HTML Injection Vulnerability

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

4.7 CVSS, 5.1 AI score, 0.00925 EPSS
Exploits: 0, References: 1
CNVD
added 2021/04/08 12:0 a.m., 6 views

Cisco Webex Meetings HTML Injection Vulnerability

Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An HTML injection vulnerability exists in certain pages of Cisco Webex Meetings. The vulnerability stems from improper checking of parameter values on the affected pages. An attacker could exploit the vulnerability by...

4.7 CVSS, 6.6 AI score, 0.00925 EPSS
Exploits: 0, References: 1
Cisco
added 2021/04/07 4:0 p.m., 60 views

Cisco Webex Meetings HTML Injection Vulnerability

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by...

4.7 CVSS, 4.7 AI score, 0.00925 EPSS
Exploits: 0, References: 1
CNNVD
added 2021/04/07 12:0 a.m., 6 views

Cisco Webex Meetings Security Vulnerability

Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An HTML injection vulnerability exists in certain pages of Cisco Webex Meetings. The vulnerability stems from improper checking of parameter values on the affected pages. An attacker could exploit the vulnerability by...

4.7 CVSS, 5.7 AI score, 0.00925 EPSS
Exploits: 0, References: 3
Imperva Blog
added 2021/01/26 8:2 p.m., 13 views

Online fraud at an all-time high amidst the global pandemic

Client-side attacks have become significantly more prominent in recent years, gaining popularity since 2015. As online activity rises due to the global pandemic, 2020 has been no exception, with the most susceptible target, e-commerce, becoming more lucrative than ever. The Client-Side Problem...

7.1 AI score
Exploits: 0
Akamai Blog
added 2020/10/13 10:0 p.m., 42 views

Akamai and Snyk Partnership Creates a Powerful Combination for In-Browser Script Protection

A web experience begins with the sum of the code you created. But it also includes all the code the user is put in contact with when loading your website. This means the attack surface to monitor for web application software threats is not just your code repositories, but the sum of the assets re...

1.1 AI score
Exploits: 0
RedHat Linux
added 2020/08/18 4:34 p.m., 3 views

keycloak: security headers missing on REST endpoints

A flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP responses. This issue is not a direct vulnerability and may not lead to a security issue, but increases the chances of allowing attackers to exploit other security flaws. Examples of these possible...

5.8 CVSS, 5.8 AI score, 0.00764 EPSS
Exploits: 0, References: 4
NVD
added 2020/07/16 6:15 p.m., 29 views

CVE-2020-3345

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...

4.3 CVSS, 0.01212 EPSS
Exploits: 0, References: 1