BIT-PRESTASHOP-2023-30838 PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to cross-site scripting XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS, which...

CVE-2023-28345

An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to t...