
7612 matches found

Exploit DB
added 2024/06/14 12:0 a.m. | 332 views

Carbon Forum 5.9.0 - Stored XSS

Exploit Title: Persistent XSS in Carbon Forum 5.9.0 Stored Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.94cb.com/ Software Link: https://github.com/lincanbin/Carbon-Forum Version: 5.9.0 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent stored XSS...

7.4 AI score
Exploits: 0
NVD
added 2024/06/13 2:15 p.m. | 19 views

CVE-2024-37308

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with...

5.4 CVSS | 0.03585 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2024/06/13 1:46 p.m. | 21 views

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with...

5.4 CVSS | 5.3 AI score | 0.03585 EPSS
Exploits: 1 | References: 2
OSV
added 2024/06/13 1:46 p.m. | 21 views

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with...

5.4 CVSS | 5.5 AI score | 0.03585 EPSS
Exploits: 1 | References: 4
Cvelist
added 2024/06/13 1:46 p.m. | 21 views

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with...

5.4 CVSS | 0.03585 EPSS
Exploits: 1 | References: 2
The Hacker News
added 2024/06/12 8:6 a.m. | 42 views

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known. "The state actor behind this campaign was alread...

9.8 CVSS | 7.7 AI score | 0.94005 EPSS
Exploits: 11
Packet Storm
added 2024/06/12 12:0 a.m. | 256 views

Carbon Forum 5.9.0 Cross Site Scripting

Exploit Title: Persistent XSS in Carbon Forum 5.9.0 Stored Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.94cb.com/ Software Link: https://github.com/lincanbin/Carbon-Forum Version: 5.9.0 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent stored XSS...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/06/12 12:0 a.m. | 271 views

XMB 1.9.12.06 Cross Site Scripting

Exploit Title: Persistent XSS in XMB 1.9.12.06 Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.xmbforum2.com/ Software Link: https://www.xmbforum2.com/download/XMB-1.9.12.06.zip Version: 1.9.12.06 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent store...

7.4 AI score
Exploits: 0
OSSF Malicious Packages
added 2024/06/11 7:55 a.m. | 3 views

Malicious code in asf-renderer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df408055de1ea1703a4d69234f7368c69466b2b470ce427a528fbe996a3f1e08 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/06/11 6:54 a.m. | 3 views

Malicious code in code.cloudflare.com (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fd0d00a0ff9a56ee7446eb2b6ffa5b59db4eb466925a2c3d769df90c00fdcd76 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
Cvelist
added 2024/06/10 8:56 p.m. | 28 views

CVE-2024-27844

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, macOS Sonoma 14.5, visionOS 1.2. A website's permission dialog may persist after navigation away from the site...

0.00138 EPSS
Exploits: 0 | References: 3
Veeam
added 2024/06/10 12:0 a.m. | 15 views

How to Enable Changed Block Tracking for Guest Cluster on vSphere with Tanzu

Purpose Changed Block Tracking is a VMware feature that tracks changes in virtual disks. Veeam Kasten for Kubernetes uses this feature in vSphere with Tanzu Guest Clusters to efficiently back up Persistent Volumes. Enabling Changed Block Tracking in each Supervisor Cluster where Veeam Kasten for...

7.2 AI score
Exploits: 0
OSSF Malicious Packages
added 2024/06/03 6:53 p.m. | 1 views

Malicious code in @juiggitea/ut-odit-at (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff9b5a74bede900c4ceff979d81e8f4ed604f8e3a54f9a8a828626cb8299f566 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/06/03 6:53 p.m. | 3 views

Malicious code in @juiggitea/quidem-perspiciatis-placeat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59dc1a7039cff8f7d99763aa9c613324cd920c1a9e9a005c03d501483fda82dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/06/03 6:53 p.m. | 4 views

Malicious code in @juiggitea/nemo-non-sit (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34313e69f7eab944c7cd563239a4fdc8adb6e2f0a7452d31c66703b4665dd02f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/06/03 6:43 p.m. | 2 views

Malicious code in @juiggitea/eius-hic-assumenda (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fe23cfabe46a11eff41ad02a2131740d1aa2d372c88a9aba6de4f48b2fff0ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/06/03 6:43 p.m. | 2 views

Malicious code in @juiggitea/cumque-nemo-quod (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a49efbe4e4279004e06685e2e27c50cf89e331267488d97cd6b492fa39fcca99 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/06/03 6:43 p.m. | 3 views

Malicious code in @juiggitea/alias-excepturi-quod-aut (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 123c306817265ec80fca6a2c46d5b684a96b4d89b1f0dfe63eaf585e754a3a47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 | References: 1
RubySec
added 2024/06/02 12:0 a.m. | 20 views

activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends

Impact Users setting their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...

6.1 CVSS | 6.6 AI score | 0.0023 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Exploit DB
added 2024/05/31 12:0 a.m. | 237 views

iMLog < 1.307 - Persistent Cross Site Scripting (XSS)

Exploit Title: iMLog "User Maintenance" 3. Click on "Search" and then select your UserID. 4. Change the "Last Name" input to 5. Click on "Save" 6. Refresh the page, XSS will be triggered...

7.4 AI score
Exploits: 0