c-mirai.org Cross Site Scripting vulnerability OBB-3689851
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aristocratflower.ru Cross Site Scripting vulnerability OBB-3683716
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
winkelled.com Cross Site Scripting vulnerability OBB-3678078
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The main causes of ransomware reinfection
A few months ago, we wrote about a ransomware reinfection incident. Ransomware reinfection could arguably be even worse than being a first-time victim. Unfortunately, it happens more often than you may think. Research shows that in 2022, more than a third (38%) of surveyed organizations fell victim ...
PT-2023-26657 · Decode · Openstamanager
Name of the Vulnerable Software and Affected Versions: DevCode OpenSTAManager versions 2.4.24 through 2.4.47 Description: A reflected cross-site scripting (XSS) vulnerability may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload...
knitterchat.com Cross Site Scripting vulnerability OBB-3627592
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-26615 · Netis Systems · Netis Systems Wf2409E
Name of the Vulnerable Software and Affected Versions: NETIS SYSTEMS WF2409E version 3.6.42541 Description: An issue in the diagnostic tools component of the admin management interface allows a remote attacker to execute arbitrary code via the ping and traceroute functions. Recommendations: For...
PT-2023-27688 · Tenda · Tenda Ac8
Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered via the parameter list at the "/goform/SetStaticRouteCfg" API endpoint. This issue affects the Tenda AC8 router. Recommendations: For Tenda AC8...
PT-2023-4809 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.9 XWiki Platform versions prior to 15.4RC1 Description: The create action in XWiki Platform is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with...
SUSE CVE-2023-39953
useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...
Cloudflare Tunnel increasingly abused by cybercriminals
Cloudflare Tunnel provides you with a secure way to connect your resources to Cloudflare without a publicly routable IP address. Cybercriminals are increasingly using this service to keep their activities from being detected. Cloudflare Tunnel, also known by its executable name, Cloudflared,...
CVE-2023-39518 social-media-skeleton stored Cross-site Scripting vulnerability
social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3...
PT-2023-26601 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.0.0 Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the "/QueryView.php" API endpoint. Recommendations: For ChurchCRM version 5.0.0,...
PT-2023-26078 · Unknown · Maid Hiring Management System
Name of the Vulnerable Software and Affected Versions: Maid Hiring Management System version 1.0 Description: The issue is related to a SQL injection vulnerability found in the Search Maid page. This vulnerability could potentially allow unauthorized access to sensitive data. Recommendations: For...
CVE-2023-38695 cypress-image-snapshot vulnerable to insecure snapshot file names
cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in...
PT-2023-5758 · Unknown · Connected Io
Name of the Vulnerable Software and Affected Versions: Connected IO versions 2.1.0 and prior Description: The issue is related to an argument injection vulnerability in the iptables command message of the communication protocol. This vulnerability enables attackers to execute arbitrary OS command...
Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild
The Cybersecurity and Infrastructure Security Agency (CISA) added one new vulnerability to its Known Exploited Vulnerabilities Catalog affecting Ivanti Endpoint Manager Mobile, based on evidence of active exploitation. All Federal Civilian Executive Branch (FCEB) agencies must remediate this...
okfish.cz Cross Site Scripting vulnerability OBB-3552557
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
EulerOS Virtualization 3.0.6.6 : git (EulerOS-SA-2023-2424)
According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Git is a distributed revision control system. gitattributes are a mechanism that allows defining attributes for paths. These attributes c...
WordPress Meta Tag Manager Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Meta Tag Manager; Type: Plugin; Vulnerable versions: <= 2.0.2; Fixed in: 2.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: b76d2247c311; Credits: Rafie Muhammad (Patchstack); Required...