
266 matches found

CNVD
added 2024/01/30 12:00 a.m. | 12 views

Cups Easy cross-site scripting vulnerability (CNVD-2024-11146)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/statelist.php page. An attacker could us...

CVSS 8.2 | AI score 6.2 | EPSS 0.00051
Exploits 0 | References 1

CNVD
added 2024/01/30 12:00 a.m. | 14 views

Cups Easy cross-site scripting vulnerability (CNVD-2024-11132)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the currencyid parameter on the /cupseasylive/currencymodify.php page. An attacker coul...

CVSS 8.2 | AI score 6.2 | EPSS 0.00051
Exploits 0 | References 1

CNNVD
added 2024/01/26 12:00 a.m. | 0 views

Cups Easy Cross-Site Scripting Vulnerability

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from a failure to adequately escape the description parameter on the /cupseasylive/taxstructuredisplay.php page. An...

CVSS 8.2 | AI score 6.9 | EPSS 0.00051
Exploits 0 | References 2

CNNVD
added 2024/01/26 12:00 a.m. | 0 views

Cups Easy Cross-Site Scripting Vulnerability

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the currencyid parameter on the /cupseasylive/currencymodify.php page. An attacker coul...

CVSS 8.2 | AI score 7 | EPSS 0.00051
Exploits 0 | References 2

CNVD
added 2023/06/28 12:00 a.m. | 17 views

FeehiCMS Arbitrary File Upload Vulnerability (CNVD-2023-58819)

FeehiCMS is a PHP-based CMS builder. FeehiCMS version 2.0.8 has an arbitrary file upload vulnerability that can be exploited by remote attackers to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component...

CVSS 9.8 | AI score 8 | EPSS 0.01664
Exploits 1 | References 1

OSV
added 2023/06/16 7:36 p.m. | 26 views

GHSA-96XV-RMWJ-6P9W Grav Server-side Template Injection (SSTI) via Twig Default Filters

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection SSTI via Insufficient Validation in filterFilter Summary: | Product | Grav CMS | | ----------------------- | --------------------------------------------...

CVSS 7.2 | AI score 7.9 | EPSS 0.00529
Exploits 1 | References 9

The Hacker News
added 2023/03/10 2:02 p.m. | 57 views

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

AI score 1.9
Exploits 0

OpenVAS
added 2023/03/08 12:00 a.m. | 8 views

Debian: Security Advisory (DSA-2103-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.9 | EPSS 0.00444
Exploits 1 | References 3

CNNVD
added 2023/03/02 12:00 a.m. | 1 views

FlatPress Cross-Site Scripting Vulnerability

FlatPress is a PHP-based blog builder without database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress versions prior to 1.3. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

CVSS 6.5 | AI score 6.2 | EPSS 0.00367
Exploits 1 | References 3

CNNVD
added 2023/03/01 12:00 a.m. | 2 views

FlatPress Cross-Site Scripting Vulnerability

FlatPress is a PHP-based blog builder without database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress versions prior to 1.3. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

CVSS 8.1 | AI score 6.5 | EPSS 0.00337
Exploits 1 | References 3

The Hacker News
added 2023/01/14 8:11 a.m. | 75 views

Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability

A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to ...

CVSS 9.8 | AI score 0.5 | EPSS 0.94469
Exploits 52

CNNVD
added 2022/12/28 12:00 a.m. | 1 views

FlatPress Cross-Site Scripting Vulnerability

FlatPress is a PHP-based blogging system from the FlatPress community that does not require database support. A cross-site scripting vulnerability exists in FlatPress, which stems from a problem with an unknown part of the admin/panels/entry/admin.entry.list.php file in the Admin Area component...

CVSS 6.1 | AI score 5.9 | EPSS 0.00274
Exploits 0 | References 5

OSV
added 2022/12/14 7:34 a.m. | 17 views

CVE-2022-23502 TYPO3 contains Insufficient Session Expiration after Password Reset

TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, when users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...

CVSS 5.4 | AI score 5.4 | EPSS 0.00232
Exploits 0 | References 3

CNVD
added 2022/11/24 12:00 a.m. | 21 views

KLiK SocialMediaWebsite SQL Injection Vulnerability

KLiK SocialMediaWebsite is a simple PHP-based social media website by individual developer Muhammad Saad. KLiK SocialMediaWebsite v1.0.1 suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in "profile.php". The vulnerability can be...

CVSS 8.8 | AI score 8.9 | EPSS 0.01676
Exploits 1 | References 1

CNVD
added 2022/11/11 12:00 a.m. | 15 views

FeehiCMS Cross-Site Scripting Vulnerability (CNVD-2022-78143)

FeehiCMS is a PHP-based CMS website builder for individual developers. FeehiCMS version v2.1.1 has a reflected cross-site scripting (XSS) vulnerability in the id parameter of /web/admin/index.php?r=log/view-layer. No detailed vulnerability...

CVSS 6.1 | AI score 1.8 | EPSS 0.00331
Exploits 1 | References 1

Malwarebytes
added 2022/10/24 10:45 a.m. | 26 views

A week in security (October 17 - 23)

Last week on Malwarebytes Labs: Thermal cameras could help reveal your password; How to spot a scam; Warning: "FaceStealer" iOS and Android apps steal your Facebook login; Criminal group busted after stealing hundreds of keyless cars; Fake tractor fraudsters plague online transactions; DeadBolt...

AI score 0.7
Exploits 0

CNVD
added 2022/09/30 12:00 a.m. | 25 views

FeehiCMS Cross-Site Scripting Vulnerability

FeehiCMS is a PHP-based CMS builder by individual developer Liufee. FeehiCMS version v2.1.1 has a security vulnerability that stems from the ability to inject carefully crafted payloads via the comment box under the single page module. No detailed vulnerability details are currently available...

CVSS 5.4 | AI score 2.8 | EPSS 0.00301
Exploits 1 | References 1

CNVD
added 2022/07/01 12:00 a.m. | 25 views

Textpattern CMS Information Disclosure Vulnerability

Textpattern CMS is a PHP-based content management system from the Textpattern team. An information disclosure vulnerability exists in Textpattern CMS v4.8.7 and prior versions, which stems from the application transmitting cookies used in HTTPS session transfers in plaintext. An attacker can...

CVSS 4.3 | AI score 4.2 | EPSS 0.00115
Exploits 0 | References 1

CNVD
added 2022/06/27 12:00 a.m. | 30 views

FlatPress Cross-Site Scripting Vulnerability (CNVD-2022-58896)

FlatPress is a PHP-based blog builder without database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress version 1.2.1. An attacker can exploit this vulnerability to execute arbitrary JavaScript commands via blog content...

CVSS 5.4 | AI score 5.5 | EPSS 0.12046
Exploits 2 | References 1

CNVD
added 2022/06/15 12:00 a.m. | 18 views

HelpDeskZ cross-site scripting vulnerability (CNVD-2022-59046)

HelpDeskZ is a PHP-based software that allows you to manage your site's support using a web-based support ticket system. Provides quality support. A cross-site scripting vulnerability exists in HelpDeskZ version v2.0.2, which stems from a lack of parameter filtering and escaping in...

CVSS 4.8 | AI score 5 | EPSS 0.00321
Exploits 1 | References 1