Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called Moreeggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading a...

firefox: thunderbird: Cross-origin access to PDF contents through multipart responses

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This...

SUSE CVE-2024-9394

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

Important: thunderbird

Issue Overview: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox 128, Firefox ESR 115.13, Thunderbird 115.13, and Thunderbird 128...

CVE-2024-33209

FlatPress v1.3 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser...

IBM WebSphere Application Server 8.5.x < 8.5.5.27 / 9.x < 9.0.5.22 XSS (7171755)

The version of IBM WebSphere Application Server running on the remote host is affected by a XSS vulnerability as referenced in the 7171755 advisory. - IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed...

Foxit Reader checkbox Calculate use-after-free vulnerability

Talos Vulnerability Report TALOS-2024-1967 Foxit Reader checkbox Calculate use-after-free vulnerability October 2, 2024 CVE Number CVE-2024-28888 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript co...

CVE-2024-47524

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of...

CVE-2024-47523

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section which contains multiple fields depending on which...

CVE-2024-47525

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...

CVE-2024-47526

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting Self-XSS vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not...

CVE-2024-47523 LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section which contains multiple fields depending on which...

CVE-2024-47523 LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section which contains multiple fields depending on which...

GHSA-FC38-2254-48G7 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Devic...

LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromisin...

GHSA-GCGP-Q2JQ-FW52 LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature

Summary A Self Cross-Site Scripting Self-XSS vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh. Details The vulnerability occurs when...

LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature

Summary A Self Cross-Site Scripting Self-XSS vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh. Details The vulnerability occurs when...

CVE-2024-47524

Summary of CVE-2024-47524 (LibreNMS) : The vulnerability affects LibreNMS where an Admin can create a Device Group and the input is not properly sanitized in the Device Group name. As a result, viewing the Device Group detail can trigger injected JavaScript, i.e., a stored XSS vulnerability. This...

CVE-2024-47524 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of...

CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...