GOautodial cross-site scripting vulnerability

GOautodial is an open-source next-generation omnichannel contact center suite developed by GOautodial. Version 4.0 of GOautodial contains a cross-site scripting vulnerability. This vulnerability arises because authenticated proxies can inject malicious scripts through message subjects, potentiall...

EUVD-2017-7708

Malware in sbrugna...

EUVD-2021-23446

Malware in sbrugna...

EUVD-2023-33024

Malicious code in bioql PyPI...

CVE-2025-5352

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

CVE-2020-5746

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by creating a crafted test...

Unmasking the new persistent attacks on Japan

Cisco Talos discovered malicious activities conducted by an unknown attacker since as early as January 2025, predominantly targeting organizations in Japan. The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution RCE flaw in the PHP-CGI implementation of PHP on Windows...

Falsification and eavesdropping of contents across multiple websites via Web Rehosting services

Overview Researchers at NTT Secure Platform Laboratories and Waseda University have identified multiple security issues that lead to content being tampered with and eavesdropped on a service called Web Rehosting. These issues have been published in NDSS 2020. "Web Rehosting" is the name of a grou...

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company...

PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities

Exploit Title: PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2285 Release Date: ============= 2023-07-19 Vulnerability Laboratory ID VL-ID: ==================================== 2285 Common...

CVE-2023-29455

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...

CVE-2023-29455

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...

CVE-2023-29455

CVE-2023-29455 describes a reflected (non-persistent) XSS in Zabbix frontend, triggered by passing malicious code as a GET parameter to graph.php. The connected Debian advisory confirms this CVE is among multiple Zabbix flaws and provides remediation: on Debian 11 (bullseye) upgrade to 1:5.0.44+d...

CVE-2023-29455

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts...

China's Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks

The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks aimed at European foreign affairs entities since January 2023. An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej, has revealed a custom...

WordPress Plugin NewStatPress Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Plugin NewStatPress version 1.2.4 contains a cross-site scripting vulnerability that can be...

Securing Your Web App, One Robot at a Time

Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to tens of thousands of attacks a month. While that sounds like a reason to immediately pull the plug and find a safe space to hide, these are likely spread across the...

A Bug in Facebook Messenger for Windows Could've Helped Malware Gain Persistence

Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Labs, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could...

Persistence – Screensaver

Screensavers are part of Windows functionality and enable users to put a screen message or a graphic animation after a period of inactivity. This feature of Windows it is known to be abused by threat actors as a method of persistence. This is because screensavers are executable files that have th...

DirtyCOW Bug Drives Attackers to A Backdoor in Vulnerable Drupal Web Servers

In this post we’ll unpack a short -- but no less serious -- attack that affected some Linux-based systems, on October 31. Throughout the campaign, the attacker used a chain of vulnerabilities including the infamous Drupalgeddon2 and DirtyCOW, and system misconfigurations to persistently infect...