CISA Releases Advisory Detailing Red Team Activity During Assessment of US FCEB Organization, Highlighting Necessity of Defense-in-Depth

Today, CISA released CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth in coordination with the assessed organization. This Cybersecurity Advisory CSA details key findings and lessons learned from a 2023 assessment,...

Design/Logic Flaw

CSV Injection vulnerability in Activity Log Team Activity Log = 2.8.3 on WordPress...

CVE-2022-27858 WordPress Activity Log plugin <= 2.8.3 - CSV Injection vulnerability

CSV Injection vulnerability in Activity Log Team Activity Log = 2.8.3 on WordPress...

CVE-2022-27858

CVE-2022-27858 refers to a CSV injection vulnerability in the WordPress plugin Activity Log (Team Activity Log) versions ≤ 2.8.3. The weakness stems from the plugin not validating data before exporting to CSV, enabling injection in CSV fields. Impact is described as CSV injection; remediation is ...