330 matches found
CVE-2021-39250
Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...
Cross site scripting
Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...
CVE-2021-39250
Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...
CVE-2021-37403
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and an App Loader relative URL is used...
CVE-2021-26698
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...
Cross site scripting
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...
Cross site scripting
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and an App Loader relative URL is used...
CVE-2021-37403
OX App Suite vulnerable to XSS via a code snippet in user-generated content when a sharing link is created and an App Loader relative URL is used. Affected versions: before 7.10.3-rev32 and before 7.10.4-rev18. The vulnerability stems from how the App Loader relative URL handles shared links. Rem...
CVE-2021-26698
Open-Xchange OX App Suite is affected by a cross-site scripting vulnerability in older releases. Affected products: OX App Suite prior to 7.10.3-rev32 and 7.10.4 prior to 7.10.4-rev18. The issue arises when a sharing link is created and the dl parameter is used, allowing XSS via user-generated co...
CVE-2021-26698
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...
11-13 year old girls most likely to be targeted by online predators
The Internet Watch Foundation IWF, a not-for-profit organization in England whose mission is "to eliminate child sexual abuse imagery online", has recently released its analysis of online predator victimology and the nature of sexual abuse media that is currently prevalent online. The scope of th...
Design/Logic Flaw
Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2020-2214
Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Cross-Site Scripting (XSS)
pngquant-bin is vulnerable to cross-site scripting XSS attacks. The raw.github.com subdomain does not properly sanitize user-generated content, allowing an attacker to upload potentially malicious contents...
Facebook Cracks Down on Deepfake Videos
Facebook is banning deepfake videos, which stem from a technique of human-image synthesis based on artificial intelligence AI to create fake content. Over the past year, security experts and lawmakers have voiced concerns about malicious deepfake applications, particularly as a vessel for...
Vulnerability Spotlight: Multiple Vulnerabilities in CorelDRAW X8
Today, Talos is disclosing several vulnerabilities that have been identified in CorelDRAW X8. CorelDRAW X8 is graphics suite used for manipulating raster and vector images and is a common alternative to Adobe Creative Cloud. Several of the vulnerabilities being disclosed today specifically affect...
Microsoft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website that is us...
Rockstar Games: Comments Denial of Service in socialclub.rockstargames.com
In this report, the researcher was able to demonstrate a POC utilizing control character injection that disabled a chain of comments in sections of the site containing UGC, particularly Jobs and Job playlists. Although denial-of-service attacks are typically closed as Not Applicable in our progra...
Microsoft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website that is us...
Internet Explorer Information Disclosure Vulnerability
An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website used to attempt to exploit the...