Malicious code in @zitterorg/illum-quidem (npm)
Source: ghsa-malware (fd15ba0019e3a1a688c4a7f881d55ebba37d8b7e19fc1b2a8c4f55856c93798f). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/itaque-nesciunt-voluptatibus (npm)
Source: ghsa-malware (d20c232adf35eee773aba9024dfa9d48b92b227809834242b2f0c851270689f3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/officia-tempora-sequi (npm)
Source: ghsa-malware (3a0db1890c2143a131ce07eb08219825a3d054031562e71489dab5dcfeabfc20). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/molestias-in (npm)
Source: ghsa-malware (4203d5d6cf9467afa779754419b8356ce12d342a64bf06773b36a3d04940e4a3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/quia-sapiente (npm)
Source: ghsa-malware (ac1bcf9c797c7505ef34a65a8b7cd8bf67a4e7a4dff46e77a134869e4af3c93c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7150 Malicious code in @zitterorg/cupiditate-fugiat-culpa (npm)
Source: ghsa-malware (505aa19c407d211fbbff5a2b9e252641bc3dac0ed45bb8c4a67cc3baebbd2a60). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/velit-autem (npm)
Source: ghsa-malware (9338884be8e4522ff1bf86cec4a775020a3fd583cdcddb7a167a5cba79d258af). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/iure-consequatur-nostrum (npm)
Source: ghsa-malware (45fb454d23f187cd3ebe45f6cf2a05cf25bf0aa862d41a56159b3ffbfcf39774). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @zitterorg/incidunt-cum (npm)
Source: ghsa-malware (a48ed2154d858356e5de2be6327986d6a3f0b2955dec808c9986bae75d0b3550). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Citrix CDFControl Service How to Save Logs On A UNC Network Share
Sometimes it may be necessary to save trace data to a shared network folder, for example, crash/hang issues with non-persistent VDAs or due to local disk space constraints...
CVE-2024-39310 WordPress Basil Theme Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability
The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the posttitle parameter in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access...
CVE-2024-36992
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthoriz...
CVE-2024-36997 Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a...
CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in...
CVE-2024-36992 Persistent Cross-site Scripting (XSS) in Dashboard Elements
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthoriz...
PT-2024-28436 · WordPress · Basil +1
Name of the Vulnerable Software and Affected Versions: The Basil recipe theme for WordPress versions up to, and including, 2.0.4. Description: The issue is related to Persistent Cross-Site Scripting (XSS) via the post title parameter due to insufficient input sanitization and output escaping. This...
CVE-2024-38521 Persistent Cross-Site Scripting (XSS) in hushline inbox
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0...
Malicious code in recovery-center-web-sdk (npm)
Source: ghsa-malware (2c243af7b9adcb93c55a9f9976096aa2a6470dbb50e45785b0cc87b3b4181afa). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
XMB 1.9.12.06 - Stored XSS
Exploit Title: Persistent XSS in XMB 1.9.12.06 Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.xmbforum2.com/ Software Link: https://www.xmbforum2.com/download/XMB-1.9.12.06.zip Version: 1.9.12.06 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent store...