Growling Bears Make Thunderous Noise
Growling Bears Make Thunderous Noise By Trellix · June 6, 2022 Per public attribution, Russian cybercriminal groups have always been active. Their tactics, techniques, and procedures (TTPs) have not significantly evolved over time, although some changes have been observed. Lately, the threat...
Malicious code in lexical-monorepo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4af686331feed45b8818ceff08372677fb1f0f5531b48057d994aa8d3e871fc7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Product Show Room Site 1.0 Cross Site Scripting
Product Show Room Site - 'Telephone' Stored Cross-Site Scripting (XSS) Exploit Title: Product Show Room Site - 'Telephone' Stored Cross-Site Scripting (XSS) Exploit Author: [email protected] inc Vendor Homepage:...
Malicious code in react-devtools-release-script (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ea7f251efb5b52e9221271c637b06b4d48a22a5c0e762a8723498050b5adf80 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ceye-test-0001 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8e6c92b162c66b57e82aeff6cb8f48d5f03b4aa264ae009c99139ad5261e520e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
ChromeLoader may seem on the surface like a run-of-the-mill browser hijacker that merely redirects victims to advertisement websites. However, its use of PowerShell could pose a greater risk by leading to further and advanced malicious activity, such as the propagation of ransomware or spyware or...
Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update
The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years
An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attack...
Android apps with millions of downloads exposed to high-severity vulnerabilities
Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks. The vulnerabilities, which affected apps...
CVE-2022-26725
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector...
CVE-2022-29408
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress...
Cross site scripting
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress...
CVE-2022-29408
The CVE-2022-29408 entry concerns Vsourz Digital’s WordPress plugin Advanced Contact form 7 DB (<= 1.8.7). Connected sources confirm a persistent (stored) Cross-Site Scripting (XSS) vulnerability, caused by insufficient sanitization/escaping of a parameter in the plugin’s form handling, enabli...
Moodle Persistent Cross-site Scripting (XSS)
Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...
GHSA-JXJC-6XMH-H7MG Magento 2 Community Edition XSS Vulnerability
Magento versions 2.4.0 and 2.3.5p1 and earlier are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could be abused by an unauthenticated attacker to execute XSS attacks against other Magento users. This...
GHSA-FXF3-WX3C-76PF Shopware vulnerable to Cross-site Scripting
In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...
Shopware vulnerable to Cross-site Scripting
In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...
GHSA-F99H-H678-FGG4 Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet
In Liferay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will...
CVE-2022-29432
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...