
36 matches found

EUVD
added 2025/11/18 1:26 p.m. | 1 view

EUVD-2025-197999

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. The vendor was notified early...

6.9 CVSS | 6.2 AI score | 0.00038 EPSS
Exploits 0 | References 3
CNNVD
added 2025/11/18 12:0 a.m. | 1 view

Windu CMS security vulnerability

Windu CMS is a lightweight web content management system (CMS) from Windu. A security vulnerability exists in Windu CMS version 4.1, which stems from insufficient client-side brute force protection and could lead to brute force attacks...

7.5 CVSS | 6.3 AI score | 0.00038 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2007-5709

Malware in sbrugna...

6.8 CVSS | 6.4 AI score | 0.00286 EPSS
Exploits 1 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-4496

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.00395 EPSS
Exploits 0 | References 5
Imperva Blog
added 2025/09/30 7:47 p.m. | 6 views

Imperva Enhances Client-Side Protection to Help You Stay Ahead of PCI-DSS Compliance

When the latest PCI DSS 4.0 requirements came into full effect in March 2025, organizations processing cardholder data faced new obligations to protect payment pages from client-side risks. Requirements such as 6.4.3 script inventory, authorization, and integrity monitoring and 11.6.1 detection o...

6.9 AI score
Exploits 0
Imperva Blog
added 2025/02/25 3:1 a.m. | 8 views

How to Comply with PCI DSS 4.0 Requirements 6.4.3 and 11.6.1

The countdown to compliance is in its final stretch. With the third and final phase of PCI DSS 4.0 requirements taking effect on March 31, 2025, organizations are under increasing pressure to ensure their client-side security measures meet the new requirements. At Imperva, we’re committed to...

7.5 AI score
Exploits 0
Akamai Blog
added 2024/07/16 1:0 p.m. | 10 views

PCI DSS v4.0.1: Meeting New Client-Side Security Requirements

Learn how Akamai Client-Side Protection & Compliance helps organizations meet the latest payment security updates and clarifications outlined in PCI DSS v4.0.1...

7.4 AI score
Exploits 0
Imperva Blog
added 2024/07/01 11:42 p.m. | 26 views

Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack

The recent discovery of a website supply chain attack using the cdn.polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, the domain has recently become the epicenter of a significant website supply...

8 AI score
Exploits 0
Imperva Blog
added 2023/12/13 1:49 p.m. | 10 views

Are HTTP Content-Security-Policy (CSP) Headers Sufficient to Secure Your Client Side?

Modern web frameworks have shifted business logic from the server side to the client side web browser, enhancing performance, flexibility, and user experience. However, this move introduces security and privacy concerns, as exposing sensitive logic and data can lead to vulnerabilities like code...

7.1 AI score
Exploits 0
Akamai Blog
added 2022/09/16 1:0 p.m. | 3 views

In-App Browsers and Akamai Client-Side Protection & Compliance

Learn how Akamai's Client-Side Protection & Compliance tracks In-App browser injections to make sure sensitive information is kept safe and private...

6.7 AI score
Exploits 0
Akamai Blog
added 2022/09/16 1:0 p.m. | 15 views

In-App Browsers and Akamai Client-Side Protection & Compliance

Learn how Akamai's Client-Side Protection & Compliance tracks In-App browser injections to make sure sensitive information is kept safe and private...

6.7 AI score
Exploits 0
Imperva Blog
added 2022/06/15 1:3 p.m. | 14 views

Imperva Introduces New Features to Help Prevent Online Fraud

As we move more of our daily activities and the services we consume online, the threat of fraud grows, and the risks become greater. Data suggests the majority of organizations are already detecting a rise in online fraud. In a recent survey of senior risk executives, 67 percent said that their...

0.9 AI score
Exploits 0
Hacker One
added 2022/01/05 7:15 p.m. | 28 views

Shopify: Stored XSS at https://linkpop.com

Summary: There is a Stored XSS vulnerability at https://linkpop.com/dashboard/admin that can later be delivered through a unique linkpop link. This is due to lack of sanitization and relying on client side protections when inserting urls to our applications. This is the client side protection error:...

0.4 AI score
Exploits 0
Imperva Blog
added 2021/12/29 12:3 p.m. | 191 views

2021 in Review, Part 2: 5 Top Cybersecurity Stories

Ransomware may have dominated headlines in 2021, but it’s only one of many threats security teams must protect against. We’re taking a look back at 5 top cybersecurity stories of 2021 that practitioners wanted to learn more about. 5. The State of Security in eCommerce Why you should learn more...

9.3 CVSS | 0.2 AI score | 0.9444 EPSS
Exploits 384
Imperva Blog
added 2021/10/28 1:9 p.m. | 10 views

Recent NPM package hack is an alarming reminder of the risks of website supply-chain fraud

There are over 1.8 billion websites online today. Almost 98% of them are powered by JavaScript, and for a good reason: JavaScript’s flexibility and portability enable the rich online functionality we’ve all come to know and love. But when that same functionality becomes a significant vector for...

1.1 AI score
Exploits 0
Akamai Blog
added 2021/03/12 11:0 a.m. | 46 views

Akamai Offers Free Tier for Client-Side Edge Security

In March of 2020, Akamai saw a dramatic 30% rise in internet traffic, equivalent to an entire year of growth [1]. Post-pandemic, Akamai believes there will be a return to normal internet traffic growth, but many things will never be the same. In general, we particularly expect to see greater...

7.3 AI score
Exploits 0
Imperva Blog
added 2021/02/16 5:46 p.m. | 34 views

Questions to Ask Your Application Security Provider

There is a great deal to consider when evaluating application security providers. Understanding your goals will help. If your goal is vendor consolidation, then selecting those that offer multiple security capabilities over single products may make more sense. And if your goal is out-of-the-box...

1 AI score
Exploits 0
Akamai Blog
added 2021/01/26 5:0 a.m. | 14 views

How Client-Side Protection & Compliance Detects Real-World Magecart Attacks

In this blog, we will take a look at and break down a recent Magecart attack detected and mitigated by Client-Side Protection & Compliance. The impacted customer operates a large international e-commerce business in which one of its websites was compromised with a malicious script...

6.9 AI score
Exploits 0
Zero Science Lab
added 2020/12/02 12:0 a.m. | 70 views

Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR

Summary Sony's BRAVIA Signage is an application to deliver video and still images to Pro BRAVIAs and manage the information via a network. Features include management of displays, power schedule management, content playlists, scheduled delivery management, content interrupt, and more. This...

9.8 CVSS | 5.8 AI score | 0.00165 EPSS
Exploits 2
Imperva Blog
added 2020/09/13 4:47 p.m. | 29 views

Putting Your Data Security at the Center of our Mission

We’re more than just an industry-leading Web Application Firewall! For a long time now, Imperva has been known in the cyber security industry as ‘the WAF company’. The go-to brand for Application Security and Web Application Firewalls. But this is only possible due to our data protection DNA. Thi...

0.8 AI score
Exploits 0