7648 matches found

Positive Technologies
added 2023/10/04 12:0 a.m., 5 views

PT-2023-13469 · Tcman Gim · Tcman Gim

Name of the Vulnerable Software and Affected Versions: TCMAN GIM version 8.0.1 Description: The issue concerns the sReferencia, sDescripcion, txtCodigo, and txtDescripcion parameters in the "frmGestionStock.aspx" and "frmEditServicio.aspx" files, which could allow an attacker to perform persisten...

CVSS 6.5, AI score 6.1, EPSS 0.00331
Exploits 0, References 3
OSV
added 2023/10/03 1:15 p.m., 3 views

CVE-2023-32670

Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "name=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is...

CVSS 5.4, AI score 5.8, EPSS 0.00361
Exploits 0, References 1
OSSF Malicious Packages
added 2023/10/02 5:45 a.m., 3 views

Malicious code in apidemo-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f75d9b21d9cdb2946b01c0b9e4be982b14730680d4e167d11ad1402cf1c95ff8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
RedHat Linux
added 2023/09/27 2:22 p.m., 57 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.3 security and bug fix update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.13.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba...

CVSS 9.8, AI score 6.9, EPSS 0.01709
Exploits 1, References 13
OSSF Malicious Packages
added 2023/09/21 1:42 a.m., 3 views

Malicious code in @zettle-bo/dashboard (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 510b4f65adcadc6cf06f1caf2a6a9f71e0b88b31e88b96d18de7dc241fdb9c70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 2
RedHat Linux
added 2023/09/20 3:43 p.m., 29 views

Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.6 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.8, AI score 6.8, EPSS 0.05994
Exploits 1, References 8
NVD
added 2023/09/19 2:15 p.m., 32 views

CVE-2023-4093

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access...

CVSS 6.1, AI score 5.6, EPSS 0.00291
Exploits 0, References 1
Prion
added 2023/09/19 2:15 p.m., 12 views

Cross site scripting

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access...

CVSS 5.8, AI score 6, EPSS 0.00291
Exploits 0, References 1, Affected Software 1
The Hacker News
added 2023/09/19 11:32 a.m., 40 views

Inside XWorm: Malware Analysts Decode the Stealthy Tactics of the Latest Variant

XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its...

AI score 6.9
Exploits 0
OSSF Malicious Packages
added 2023/09/19 5:32 a.m., 4 views

Malicious code in @spgy/eslint-plugin-spgy-fe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f153ed03ad775543b9a2c5ba45f744fdb6dc3bdd3de7734a273488881a1353a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
OSSF Malicious Packages
added 2023/09/18 4:49 a.m., 3 views

Malicious code in fca-bucu (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2908145aa0c6daa50e572b3120bf06a85fcc270fc0cdf0733af4bf1e624bf0da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
OSSF Malicious Packages
added 2023/09/18 4:49 a.m., 4 views

Malicious code in fce-vanthinh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c3a287005f67e6918d008e51a2146300d174fca3a97b210b9c29e20d3319bff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
OSSF Malicious Packages
added 2023/09/18 12:56 a.m., 3 views

Malicious code in test-archive (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1f4a4a3a36da800a3c6e33fb47a4a42edf9ec19c39db7d5ea4e52a8fb378d12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 3
Huntr
added 2023/09/15 5:31 p.m., 16 views

STORED XSS in Journal-> Sections

Description Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XS...

AI score 5.8, EPSS 0.00449
Exploits 1, References 1
CISA
added 2023/09/07 12:0 p.m., 14 views

CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

Today, CISA, Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) published a joint Cybersecurity Advisory (CSA), Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical...

CVSS 9.8, AI score 9.9, EPSS 0.99753
Exploits 26, References 6
Positive Technologies
added 2023/09/07 12:0 a.m., 9 views

PT-2023-5296 · Unknown · Mod3Gp-Sy-120K

Name of the Vulnerable Software and Affected Versions: MOD3GP-SY-120K affected versions not specified Description: The web application of MOD3GP-SY-120K contains a persistent cross-site scripting (XSS) issue. This allows an authenticated remote attacker to inject an XSS payload into the MAIL RCV...

CVSS 7.5, AI score 5.4, EPSS 0.00354
Exploits 0, References 8
NVD
added 2023/09/05 4:15 p.m., 17 views

CVE-2023-41107

TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS) attack...

CVSS 5.4, AI score 5.3, EPSS 0.00368
Exploits 1, References 2
Prion
added 2023/09/05 4:15 p.m., 16 views

Cross site scripting

TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS) attack...

CVSS 4.9, AI score 5.3, EPSS 0.00368
Exploits 1, References 2, Affected Software 1
Cvelist
added 2023/09/05 12:0 a.m., 15 views

CVE-2023-41107

TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS) attack...

AI score 5.5, EPSS 0.00368
Exploits 1, References 2
NVD
added 2023/09/03 3:15 p.m., 17 views

CVE-2023-39370

StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...

CVSS 8.8, AI score 8.5, EPSS 0.00331
Exploits 0, References 1