329 matches found
WordPress Saan World Clock Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)
Software Saan World Clock Type Plugin Vulnerable versions = 1.8 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0145 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID cb720ac68691 Credits Lana Codes Required...
A CISOs Practical Guide to Storage and Backup Ransomware Resiliency
One thing is clear. The "business value" of data continues to grow, making it an organization's primary piece of intellectual property. From a cyber risk perspective, attacks on data are the most prominent threat to organizations. Regulators, cyber insurance firms, and auditors are paying much...
CVE-2022-48110
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...
UBUNTU-CVE-2022-48110
DISPUTED CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who...
CVE-2022-48110
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...
Open redirect
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirectto with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker t...
jjsyw.cn Cross Site Scripting vulnerability OBB-3185823
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SaaS in the Real World: Who's Responsible to Secure this Data?
When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible...
SaaS in the Real World: Who's Responsible to Secure this Data?
When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible...
A Bootiful Podcast: Moderne founder Jon Schneider on OpenRewrite, modernizing code bases en masse, freedom and responsibility, and more
Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Moderne @moderneinc founder Jon Schneider @jonkschneider on OpenRewrite, modernizing code bases en masse, freedom and responsibility, and more...
How to build a secure foundation for identity and access
The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Christina Richmond, a...
5 SaaS security best practices
Just about anywhere you look, organizations are relying on Software-as-a-Service SaaS apps like Dropbox and Hubspot to help power their businesses. With more SaaS apps, however, comes increased security risks. While SaaS is without a doubt the easiest and most accessible way for businesses to rea...
Qualys Broadens Security Offerings for Oracle Cloud Infrastructure
As organizations increase their use of public cloud platforms, they encounter cloud-specific security and compliance threats, which can be challenging to address without the right tools and processes. Organizations’ cloud security difficulties lie in two main areas: Lack of visibility into their...
hatmanntoene.de Cross Site Scripting vulnerability OBB-3073630
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kernel: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a triple fault for L2 escape and incorrectly end up in L1. In normal operation, the sanity check is...
simwe.com Cross Site Scripting vulnerability OBB-3041901
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
lojavilla.com.br Cross Site Scripting vulnerability OBB-3037865
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cloud Security Made Simple in New Guidebook For Lean Teams
Cloud computing was the lifeline that kept many companies running during the pandemic. But it was a classic case of medicine that comes with serious side effects. Having anywhere, anytime access to data and apps gives companies tremendous flexibility in a fast-changing world, plus the means to...
GHSA-4993-M7G5-R9HH etcd has no minimum password length
Vulnerability type Access Control Workarounds The etcdctl and etcd API do not enforce a specific password length during user creation or user password update operations. It is the responsibility of the administrator to enforce these requirements. Detail etcd does not perform any password length...
macdata.se Cross Site Scripting vulnerability OBB-2979099
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...