18 matches found
EUVD-2021-14511
Malware in sbrugna...
EUVD-2024-3271
Malicious code in bioql PyPI...
GHSA-J4H6-GCJ7-7V9V decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Impact The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. Patches Not available Workarounds Disable the creation of meetings by participants in the meeting component. References OWASP ASVS v4.0.3-5.1.3 Credits This issue wa...
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Impact The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. Patches Not available Workarounds Disable the creation of meetings by participants in the meeting component. References OWASP ASVS v4.0.3-5.1.3 Credits This issue wa...
CVE-2024-45594 Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0...
Decidim 跨站脚本漏洞
Decidim is an open source participatory democracy framework from Decidim, written in Ruby on Rails. A cross-site scripting vulnerability exists in Decidim versions 0.28.0, 0.28.1, and 0.28.2, which stems from a potential cross-site scripting attack on meeting embedding functionality used in onlin...
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Impact The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. Workarounds Disable the creation of meetings by participants in the meeting component. References OWASP ASVS v4.0.3-5.1.3 Credits This issue was discovered in a...
Scammers Made Deepfake AI Hologram of Binance Executive
By Deeba Ahmed According to Patrick Hillmann, chief communications officer of Binance, his Deepfake AI hologram is being used by scammers to trick users into online meetings and target Binance clients' crypto projects. This is a post from HackRead.com Read the original post: Scammers Made Deepfak...
BigBlueButton 2.3 / 2.4.7 Cross Site Scripting
CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton. ========================= Exploit Title: Stored Cross-Site Scripting XSS in BigBlueButton Product: BigBlueButton Vendor: BigBlueButton Vulnerable Versions: 2.3, IV. References -----------------...
HCL Technologies HCL Sametime 安全漏洞
HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in HCL Technologies HCL Sametime version 11.6 that stems from a lack of external URL absorption in FaviconService, which could be exploited by an attacker to specify the external URL where the online meeting...
Microsoft Teams Denial of Service Vulnerability
Microsoft Teams is a software used for online meetings, chat, and cloud storage functions by the US company Microsoft Microsoft. Microsoft Teams has a denial of service vulnerability, and no details of the vulnerability are currently available...
From Bugs to Zoombombing: How to Stay Safe in Online Meetings
The COVID-19 pandemic, along with social distancing, has done many things to alter our lives. But in one respect it has merely accelerated a process begun many years ago. We were all spending more and more time online before the virus struck. But now, forced to work, study and socialize at home,...
Skype Phishing Attack Targets Remote Workers' Passwords
Remote workers are being warned of a new phishing campaign targeting their Skype passwords. The phishing emails look “eerily similar” to a legitimate Skype notification alert, according to a report released by Cofense on Thursday. Emails indicate users have 13 pending Skype notifications that can...
FBI Threatens 'Zoom Bombing' Trolls With Jail Time
As reports of “Zoom bombing” explode, the FBI is cracking down on the issue with a new warning that web conference hijackers could face jail time. Authorities say that anyone who hacks into a teleconference meeting can be charged at the state and federal level. Charges can include the disruption ...
As Zoom Booms, Incidents of ‘ZoomBombing’ Become a Growing Nuisance
Officials at Zoom have released tips for users of their video-conferencing platform to help avoid getting “Zoom-bombed” by trolls and even more serious threat actors during online meetings. The developers of the online video-conferencing service cautioned users to avoid sharing Zoom meeting links...
ClickMeeting Online Meetings - Dangerous filesystem permissions, Insecure KeyStore vulnerabilities
HackApp vulnerability scanner discovered that application ClickMeeting Online Meetings published at the 'play' market has multiple vulnerabilities...
LiveWorld Multiple Products - Cross Site Scripting
LiveWorld Multiple Products - Cross Site Scripting LiveWorld Cross Site Scripting Vendor: LiveWorld, Inc Product: LiveWorld Version: Multiple Products Website: http://www.liveworld.com CVE: CVE-2004-2566 OSVDB: 9180 PACKETSTORM: 34143 Description: LiveWorld provides collaborative services for...
LiveWorld Multiple Products - Cross Site Scripting
LiveWorld Cross Site Scripting Vendor: LiveWorld, Inc Product: LiveWorld Version: Multiple Products Website: http://www.liveworld.com CVE: CVE-2004-2566 OSVDB: 9180 PACKETSTORM: 34143 Description: LiveWorld provides collaborative services for online meetings, customer care, and loyalty marketing...