Infosoftbd Clcknshop Cross-Site Scripting Vulnerability
Infosoftbd Clcknshop is a multi-tenant SaaS-based e-commerce platform from Infosoftbd. A cross-site scripting vulnerability exists in Infosoftbd Clcknshop, caused by improper handling of the parameter q, which can lead to cross-site scripting...
ERPGo SaaS 3.9 - CSV Injection Vulnerability
Exploit Title: ERPGo SaaS 3.9 - CSV Injection; Exploit Author: Sajibe Kanti; Vendor Name: RajodiyaInfotech; Vendor Homepage: https://rajodiya.com/; Software Link: https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426; Version: 3.9; Tested on: Windows &...
Serious vulnerabilities found in ITarian software, patches available for SaaS products
Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available to deal with these vulnerabilities for its SaaS platform. Software as a service (SaaS) is a software distribution model in which a cloud provider hosts...
CVE-2021-42951
A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL (all versions before October 10, 2021 of SaaS). Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm...
Shopmetrics Mystery Shopping Software Broken Access Control / XSS Vulnerability
title: Broken access control & Cross-Site Scripting; product: Shopmetrics Mystery Shopping Software; vulnerable version: SaaS platform before v21-11; fixed version: SaaS platform v21-11; CVE number: n/a for SaaS; impact: Critical...
Oracle WebLogic Detection and Mitigation
We review 2020 and 2021 Oracle WebLogic vulnerabilities and how using a unified SaaS platform can help you detect and mitigate these sophisticated risks...
Denial of Service in chatwoot/chatwoot
The `extractreply` function (https://github.com/chatwoot/chatwoot/blob/a0ffefad717b632269883863c27242bb97d3b66d/app/presenters/mailpresenter.rb#L105) is highly inefficient on HTML emails. A legitimate LinkedIn email has 20 KB of HTML content, which takes a minute or two to process through that function,...
What’s Next for T-Mobile and Its Customers? – Podcast
What’s the opposite of a resilient operation? It’s when your wireless carrier gets breached for the sixth time in a few years, you try to change your PIN online, and the site tells you “No can do.” As of Wednesday, T-Mobile had confirmed its sixth breach over the last three years. The purported...
Salesforce Release Updates — A Cautionary Tale for Security Teams
On the surface, Salesforce seems like a classic Software-as-a-Service (SaaS) platform. Someone might even argue that Salesforce invented the SaaS market. However, the more people work with the full offering of Salesforce, the more they realize that it goes beyond a traditional SaaS platform's...
Five Cloud Migration Strategies for Applications
Regardless of your current IT environment or your vision for migrating to the cloud, numerous strategies exist that can accommodate your cloud-migration approach. Fortunately, this range of options allows you to proceed with caution while making progress toward your ultimate objective. Always kee...
Docebo LMS v6.9 - (Localization) Persistent Vulnerability
Document Title: Docebo LMS v6.9 - (Localization) Persistent Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1880; Release Date: 2016-12-21; Vulnerability Laboratory ID (VL-ID): 18...