757 matches found
CVE-2020-35704
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen...
Bottelet Daybyday Crm Cross-Site Scripting Vulnerability
Daybyday is a customer relationship management system. A stored cross-site scripting vulnerability exists in Daybyday 2.1.0. The vulnerability can be exploited to conduct cross-site scripting attacks via the Title parameter of the New Lead screen...
A week in security (December 14 – December 20)
Last week on Malwarebytes Labs we kept you updated on the SolarWinds attack, we warned about the special dangers that come with the Christmas season, published a threat profile for the Egregor ransomware, warned how a lead generation scam was targeting potential Malwarebytes MSP partners, and...
Likely lead generation scam targets potential Malwarebytes MSP partners
Recently, Malwarebytes discovered a potential lead generation scam targeting companies that are interested in our Malwarebytes Managed Service Provider MSP Program. In the scam, an individual who used the name “Jenny” aggressively contacted potential MSP partners claiming to represent Malwarebyte...
Zomato: SQL Injection in www.hyperpure.com
Vulnerable Request: PUT /consumer/onboarding/saleslead/6b6a8a5a-4a74-46db-b2fe-32a46f927ecc HTTP/1.1 Host: api.hyperpure.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept: application/json, text/plain, */* Accept-Language: en-US,en;q=0.5...
HackerOne: Second-order SOQL injection through email and campaign name parameter in Salesforce lead submission
The HackerOne directory contains profiles of bug bounty and vulnerability disclosure programs that aren't managed on HackerOne. These profiles can be claimed by the organization that manages it. As part of this flow, they will need to enter an email address to confirm that affiliation with the...
How to Run Google SERP API Without Constantly Changing Proxy Servers
You've probably run into a major problem when trying to scrape Google search results. Web scraping tools allow you to extract information from a web page. Companies and coders from across the world use them to download Google's SERP data. And they work well – for a little while. After several...
leadmotors.co.jp Cross Site Scripting vulnerability OBB-1356087
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
LEAD Technologies LEADTOOLS Buffer Overflow Vulnerability (CNVD-2021-39167)
LEAD Technologies LEADTOOLS is an image processing development kit from LEAD Technologies. A buffer overflow vulnerability exists in the ANI file format parser in LEAD Technologies LEADTOOLS version 20. The vulnerability can be exploited by an attacker to execute code with the help of a specially...
Vulnerability Spotlight: Remote code execution vulnerabilities in LEADTOOLS 20
Cory Duplantis of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a remote code execution vulnerability in the LEADTOOLS line of imaging toolkits. LEADTOOLS is a collection of toolkits designed to perform a variety of functions aimed at integrating...
Service Update 0.14 for Microsoft Dynamics 365 9.0
Service Update 0.14 for Microsoft Dynamics 365 9.0 INTRODUCTION Service Update 9.0.14 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.14. MORE INFORMATION Update package| Version number ---|---...
WordPress WP Lead Plus X Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WP Lead Plus X is a page builder that supports building login and other pages. A cross-site scripting vulnerability exists i...
WordPress WP Lead Plus X Cross-Site Scripting Vulnerability (CNVD-2020-22307)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WP Lead Plus X is a page builder that supports building login and other pages. A cross-site scripting vulnerability exists i...
CVE-2020-11509
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action which will execute in an administrator's browser if the template is used to create a page...
CVE-2020-11508
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wpajaxcore37lpsavepage aka core37lpsavepage AJAX action...
Cross site scripting
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wpajaxcore37lpsavepage aka core37lpsavepage AJAX action...
CVE-2020-11509
WP Lead Plus X plugin for WordPress is affected by an unauthenticated stored XSS vulnerability up to version 0.98 (also described as through 0.98 with PoC guidance toward 0.99+). The issue arises from the c37_wpl_import_template admin-post action, allowing attackers to upload page templates conta...