Lucene search
K

119 matches found

Cvelist
Cvelist
added 2021/11/23 7:16 p.m.17 views

CVE-2021-24713 Video Lessons Manager - Admin+ Stored Cross-Site Scripting

The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks...

5.1AI score0.00598EPSS
Exploits2References1
CVE
CVE
added 2021/11/23 7:16 p.m.58 views

CVE-2021-24713

The CVE-2021-24713 entry affects the WordPress plugins Video Lessons Manager (before 1.7.2) and Video Lessons Manager Pro (before 3.5.9). The root cause is improper sanitization/escaping when updating settings, enabling stored Cross-Site Scripting by privileged users. Reported impacts include XSS...

4.8CVSS4.8AI score0.00598EPSS
Exploits2References1Affected Software2
Positive Technologies
Positive Technologies
added 2021/11/23 12:0 a.m.5 views

PT-2021-16216

Name of the Vulnerable Software and Affected Versions Video Lessons Manager WordPress plugin versions prior to 1.7.2 Video Lessons Manager Pro WordPress plugin versions prior to 3.5.9 Description The issue concerns the improper sanitization and escaping of values when updating settings, potential...

4.8CVSS5.3AI score0.00598EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/11/23 12:0 a.m.4 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Video Lessons Manager, which stems from a...

4.8CVSS5.1AI score0.00598EPSS
Exploits2References2
Microsoft Secure
Microsoft Secure
added 2021/11/03 4:0 p.m.21 views

Evolving Zero Trust—Lessons learned and emerging trends

Looking back at the last two years, to say that our security strategies have evolved would be an understatement. Organizations around the world made overnight transitions to remote work models in response to a global pandemic, forcing them to reassess attack surface areas as they underwent an...

7AI score
Exploits0
WPVulnDB
WPVulnDB
added 2021/10/25 12:0 a.m.18 views

Video Lessons Manager - Admin+ Stored Cross-Site Scripting

The plugins do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks PoC Open the CM Video Lesson Plugin's Settings page. Click on Label Tab Enter payload like " into the "channel" or "channels" fields...

4.8CVSS1.2AI score0.00598EPSS
Exploits2Affected Software2
Patchstack
Patchstack
added 2021/10/25 12:0 a.m.13 views

WordPress Video Lessons Manager Pro premium plugin <= 3.5.8 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Shivam Rai in WordPress Video Lessons Manager Pro premium plugin versions = 3.5.8. Solution Update the WordPress Video Lessons Manager Pro premium plugin to the latest available version at least 3.5.9...

2.3AI score0.00598EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/09/20 12:0 a.m.499 views

Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Plugin's Settings General "Error message for...

4.8CVSS4.8AI score0.00622EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2021/09/16 12:33 p.m.33 views

3 security lessons from an MSP that survived the Kaseya VSA attack

Jay Tipton, chief executive for the Managed Service Provider MSP Technology Specialists, remembers his Fourth of July weekend this year like many MSP employees likely remember theirs: As a bit of a nightmare. “That’s like the worst feeling you’ll ever have,” Tipton said about his initial...

7.3AI score
Exploits0
Akamai Blog
Akamai Blog
added 2021/07/27 4:0 a.m.13 views

Cutting the Red Tape: Lessons Learned from CyberThreats 2021

If I had a dollar for every time I heard the phrase “digital transformation,” I would have a lot of dollars. I’m sure you would too. We’d have even more if we counted the term “Zero Trust.” Maybe we should start counting them, now that I think about it!...

7AI score
Exploits0
CNVD
CNVD
added 2021/07/11 12:0 a.m.12 views

Scholastic Online School App Has Logic Flaw Vulnerability

Scholastic Online School App is a mobile application that provides private customized courses for students and friends. A logic flaw vulnerability exists in Scholastic Online School APP, which can be exploited by attackers to obtain sensitive information...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2021/05/11 4:8 p.m.37 views

Shifting Threats in a Changed World: Edge, IoT and Vaccine Fraud

Though it’s often hard to find group consensus, one thing everyone can agree on is a feeling of relief that we may be moving past the worst of the pandemic. While few want to look back on the darkest times, those months have continuing lessons to teach about cybersecurity. Like it or not, the...

5.7AI score
Exploits0References3
Akamai Blog
Akamai Blog
added 2021/03/24 4:0 a.m.15 views

Authentication: Lessons Learned From Microsoft Exchange And F5 Big-IP Hacks

The past month has been a very dynamic time in the world of security for hackers and threat researchers, but it has been an extended nightmare for CSOs responsible for securing their enterprise networks...

2.2AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/03/01 12:0 a.m.14 views

Mistakes were Made, Lessons were Learned

Mark Nunnikhoven, AWS Community Hero and Trend Micro Vice President of Cloud Research, explores how to leverage the AWS Well Architected Framework, and six core design principles to build in the AWS cloud with confidence...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/23 11:1 a.m.5 views

5 Security Lessons for Small Security Teams for the Post COVID19 Era

A full-time mass work from home WFH workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy w...

5.9AI score
Exploits0
Kitploit
Kitploit
added 2021/01/13 8:30 p.m.63 views

Umbrella_android - Digital And Physical Security Advice App

Umbrella is an Android mobile app developed by Security First that provides human rights defenders with the information on what to do in any given security situation and the tools to do it. It allows the user to choose what they want to do, such as: protect data; securely make a call/email;...

6.4AI score
Exploits0References7
ThreatPost
ThreatPost
added 2020/12/29 1:0 p.m.67 views

2020 Work-for-Home Shift: What We Learned

Goodbye, 2020 — and good riddance, right? Most of us don’t want to take too much from this year into the next — but let’s make an exception for what we learned about security in the wake of the COVID-19 pandemic. In 2021 after all, more enterprises will permanently downsize their physical spaces...

7.3AI score
Exploits0References20
Wired Threat Level
Wired Threat Level
added 2020/09/15 10:0 a.m.27 views

The International Playbook for Foiling Russian Interference

The Kremlin has meddled in so many elections that democracy’s immune system has gotten wise to its threats. Here are lessons other countries can teach us...

3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/05 10:20 a.m.62 views

Case Study: How Incident Response Companies Choose IR Tools

Many companies today have developed a Cybersecurity Incident Response IR plan. It's a sound security practice to prepare a comprehensive IR plan to help the organization react to a sudden security incident in an orderly, rational manner. Otherwise, the organization will develop a plan while...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/07/24 4:40 p.m.8 views

londondrivinglessons.net Cross Site Scripting vulnerability OBB-1237037

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Rows per page
Query Builder