119 matches found
CVE-2021-24713 Video Lessons Manager - Admin+ Stored Cross-Site Scripting
The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks...
CVE-2021-24713
The CVE-2021-24713 entry affects the WordPress plugins Video Lessons Manager (before 1.7.2) and Video Lessons Manager Pro (before 3.5.9). The root cause is improper sanitization/escaping when updating settings, enabling stored Cross-Site Scripting by privileged users. Reported impacts include XSS...
PT-2021-16216
Name of the Vulnerable Software and Affected Versions Video Lessons Manager WordPress plugin versions prior to 1.7.2 Video Lessons Manager Pro WordPress plugin versions prior to 3.5.9 Description The issue concerns the improper sanitization and escaping of values when updating settings, potential...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Video Lessons Manager, which stems from a...
Evolving Zero Trust—Lessons learned and emerging trends
Looking back at the last two years, to say that our security strategies have evolved would be an understatement. Organizations around the world made overnight transitions to remote work models in response to a global pandemic, forcing them to reassess attack surface areas as they underwent an...
Video Lessons Manager - Admin+ Stored Cross-Site Scripting
The plugins do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks PoC Open the CM Video Lesson Plugin's Settings page. Click on Label Tab Enter payload like " into the "channel" or "channels" fields...
WordPress Video Lessons Manager Pro premium plugin <= 3.5.8 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Shivam Rai in WordPress Video Lessons Manager Pro premium plugin versions = 3.5.8. Solution Update the WordPress Video Lessons Manager Pro premium plugin to the latest available version at least 3.5.9...
Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Plugin's Settings General "Error message for...
3 security lessons from an MSP that survived the Kaseya VSA attack
Jay Tipton, chief executive for the Managed Service Provider MSP Technology Specialists, remembers his Fourth of July weekend this year like many MSP employees likely remember theirs: As a bit of a nightmare. “That’s like the worst feeling you’ll ever have,” Tipton said about his initial...
Cutting the Red Tape: Lessons Learned from CyberThreats 2021
If I had a dollar for every time I heard the phrase “digital transformation,” I would have a lot of dollars. I’m sure you would too. We’d have even more if we counted the term “Zero Trust.” Maybe we should start counting them, now that I think about it!...
Scholastic Online School App Has Logic Flaw Vulnerability
Scholastic Online School App is a mobile application that provides private customized courses for students and friends. A logic flaw vulnerability exists in Scholastic Online School APP, which can be exploited by attackers to obtain sensitive information...
Shifting Threats in a Changed World: Edge, IoT and Vaccine Fraud
Though it’s often hard to find group consensus, one thing everyone can agree on is a feeling of relief that we may be moving past the worst of the pandemic. While few want to look back on the darkest times, those months have continuing lessons to teach about cybersecurity. Like it or not, the...
Authentication: Lessons Learned From Microsoft Exchange And F5 Big-IP Hacks
The past month has been a very dynamic time in the world of security for hackers and threat researchers, but it has been an extended nightmare for CSOs responsible for securing their enterprise networks...
Mistakes were Made, Lessons were Learned
Mark Nunnikhoven, AWS Community Hero and Trend Micro Vice President of Cloud Research, explores how to leverage the AWS Well Architected Framework, and six core design principles to build in the AWS cloud with confidence...
5 Security Lessons for Small Security Teams for the Post COVID19 Era
A full-time mass work from home WFH workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy w...
Umbrella_android - Digital And Physical Security Advice App
Umbrella is an Android mobile app developed by Security First that provides human rights defenders with the information on what to do in any given security situation and the tools to do it. It allows the user to choose what they want to do, such as: protect data; securely make a call/email;...
2020 Work-for-Home Shift: What We Learned
Goodbye, 2020 — and good riddance, right? Most of us don’t want to take too much from this year into the next — but let’s make an exception for what we learned about security in the wake of the COVID-19 pandemic. In 2021 after all, more enterprises will permanently downsize their physical spaces...
The International Playbook for Foiling Russian Interference
The Kremlin has meddled in so many elections that democracy’s immune system has gotten wise to its threats. Here are lessons other countries can teach us...
Case Study: How Incident Response Companies Choose IR Tools
Many companies today have developed a Cybersecurity Incident Response IR plan. It's a sound security practice to prepare a comprehensive IR plan to help the organization react to a sudden security incident in an orderly, rational manner. Otherwise, the organization will develop a plan while...
londondrivinglessons.net Cross Site Scripting vulnerability OBB-1237037
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...