7655 matches found
CVE-2021-43409
The CVE-2021-43409 entry concerns the WordPress WPO365 | LOGIN plugin (≤15.3) with a persistent (stored/second-order) XSS flaw. The vulnerability allows anonymous submission of malicious script that is stored and later executed when an administrator authenticates to the WordPress Dashboard. The a...
CVE-2021-43409 WPO365 | LOGIN - Wordpress Plugin Persistent Cross-Site Scripting
The “WPO365 | LOGIN” WordPress plugin up to and including version 15.3 by wpo365.com is vulnerable to a persistent Cross-Site Scripting XSS vulnerability also known as Stored or Second-Order XSS. Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data...
Patch now! FatPipe VPN zero-day actively exploited
According to its marketing team, a FatPipe MPVPN can make your VPN "900% more secure." Well, I don't know about that, but I do know a way to make your MPVPN admin console 100% more secure, and that you should do so right away, by installing the latest version of its software. Why? Because older...
WordPress Backup Migration plugin <= 1.1.5 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse (Patchstack) in WordPress Backup Migration plugin (versions <= 1.1.5). Solution: Update the WordPress Backup Migration plugin to the latest available version (at least 1.1.6)...
CVE-2021-26322
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”...
Rocket.Chat: Persistent CSS injection with ’marked’ markdown parser in Rocket.Chat
Summary: Rocket.Chat offers two different markdown parsers out of the box: the ’original’ one and the ’marked’ one. Both markdown parsers offer a different set of features with different restrictions. Due to more loose restrictions in the ’marked’ parser, a persistent CSS injection in the web...
PT-2021-17004 · AMD · 1st Gen AMD EPYC™
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns a potential "two time pad attack" due to the persistent platform private key not being protected with a random IV. This could lead to security risks, but specific...
device-mapper-persistent-data bug fix and enhancement update
An update is available for device-mapper-persistent-data. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, se...
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting XSS, as demonstrated by the /server/ajax/eventsmanager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the sit...
OESA-2021-1420 rubygem-excon security update
EXtended https CONnections. Security Fixes: In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from...
Payment Terminal 2.x / 3.x Cross Site Scripting
Document Title: Payment Terminal 2.x & v3.x - Multiple XSS Web Vulnerabilities References Source: https://www.vulnerability-lab.com/getcontent.php?id=2280 Release Date: 2021-11-05 Vulnerability Laboratory ID VL-ID:...
Payment Terminal 3.1 - (Multiple) Cross-Site Scripting Vulnerability
Exploit Title: Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting XSS Exploit Author: Vulnerability Lab Vendor Homepage: https://www.criticalgears.com/ Software Link: https://www.criticalgears.com/product/authorize-net-payment-terminal/...
ImportExportTools NG 10.0.4 - HTML Injection Vulnerability
Exploit Title: ImportExportTools NG 10.0.4 - HTML Injection Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://github.com/thundernest/import-export-tools-ng Software Link: https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/ Version: 10.0.4 Tested...
Simplephpscripts Simple CMS 2.1 - (Multiple) Stored Cross-Site Scripting Vulnerability
Exploit Title: Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting XSS Vendor Homepage: https://simplephpscripts.com/simple-cms-php Version: 2.1 Product & Service Introduction: The system could be used only in already existing websites to contr...
Ultimate POS 4.4 - (name) Cross-Site Scripting Vulnerability
Exploit Title: Ultimate POS 4.4 - 'name' Cross-Site Scripting XSS Vendor Homepage: https://ultimatefosters.com/docs/ultimatepos/ Version: 4.4 Product & Service Introduction: The Ultimate POS is an ERP, stock management, point of sale & invoicing web-application. The...
PHPJabbers Simple CMS 5 - (name) Persistent Cross-Site Scripting Vulnerability
Exploit Title: PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting XSS Google Dork: subtitle:Copyright © 2021 PHPJabbers.com Date: 2021-10-28 Exploit Author: Vulnerability-Lab Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/...
PHP Melody 3.0 - Persistent Cross-Site Scripting (XSS)
Exploit Title: PHP Melody 3.0 - Persistent Cross-Site Scripting XSS Date: 2021-10-21 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.phpsugar.com/phpmelody.html Document Title: PHP Melody v3.0 - Editor Persistent XSS Vulnerability References Source:...
WordPress Hotel Listing 3 Plugin - (Multiple) Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting XSS Exploit Author: Vulnerability Lab Vendor Homepage: https://hotel.eplug-ins.com/ Software Link: https://hotel.eplug-ins.com/hoteldoc/ Version: v3 Document Title: Hotel Listing WP Plugin v3.x -...
PHP Melody 3.0 - Persistent Cross-Site Scripting Vulnerability
Exploit Title: PHP Melody 3.0 - Persistent Cross-Site Scripting XSS Vendor Homepage: https://www.phpsugar.com/phpmelody.html Document Title: PHP Melody v3.0 - Editor Persistent XSS Vulnerability References Source:...
PHPJabbers Simple CMS 5 Cross Site Scripting
Document Title: PHPJabbers Simple CMS v5 - Persistent XSS Vulnerability References Source: https://www.vulnerability-lab.com/getcontent.php?id=2300 Release Date: 2021-10-28 Vulnerability Laboratory ID VL-ID:...