Tag: xss
-
Kentico Xperience CMS XSS Vulnerability Allows Remote Code Execution
in SecurityNews
Kentico Xperience CMS, a widely used platform designed for enterprises and organizations, is under scrutiny after a vulnerability chain was discovered that exploits Cross-Site Scripting (XSS) to enable Remote Code Execution (RCE). This vulnerability was disclosed by researchers who demonstrated its potential harm through a detailed proof of concept. CVE-2025-2748: Cross-Site Scripting Vulnerability. According to…
-
Companies are drowning in software vulnerabilities
in SecurityNews
Tags: ai, cve, cyersecurity, framework, open-source, risk, software, strategy, supply-chain, vulnerability, xss
The average time to fix security vulnerabilities has risen significantly over the past five years. According to Veracode's current State of Software Security Report, the average time to fix security vulnerabilities has risen from 171 to 252 days over the past five years. In addition, half (50 percent) of companies now carry high-risk "security debt" that has persisted longer…
-
Companies are drowning in high-risk software security debt, and the breach outlook is getting worse
in SecurityNews
Flaw prevalence: Leading organizations have flaws in fewer than 43% of applications, while lagging organizations exceed 86%. Fix capacity: Leaders resolve over 10% of flaws monthly, whereas laggards address less than 1%. Fix speed: Top performers remediate half of flaws in five weeks; lower-performing organizations take longer than a year. Security debt prevalence: Less than 17% of applications…
-
Over 350 High-Profile Websites Hit by 360XSS Attack
in SecurityNews
360XSS campaign exploits Krpano XSS to hijack search results & distribute spam ads on 350+ sites, including government,… First seen on hackread.com Jump to article: hackread.com/over-350-high-profile-websites-hit-by-360xss-attack/
-
Dalfox: Open-source XSS scanner
in SecurityNews
DalFox is an open-source tool for automating the detection of XSS vulnerabilities. With powerful testing capabilities and a wide range of features, it makes scanning, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/26/dalfox-open-source-xss-scanner/
-
Essential Addons for Elementor XSS Vulnerability Discovered
in SecurityNews
Elementor plugin flaw puts 2m WordPress websites at risk, allowing XSS attacks via malicious scripts. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/elementor-plugin-vulnerability-2m/
-
Over 12,000 KerioControl firewalls remain prone to RCE attacks amid active exploits
in SecurityNews
The flaw enables one-click RCE: The Kerio Control vulnerability, in conjunction with an older vulnerability, can allow escalating the issue into a one-click RCE attack, granting root access to the firewall system. The flaw has persisted for nearly seven years, affecting versions 9.2.5 (released in 2018) to 9.4.5. According to Romano’s POC, the exploit would include…
-
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
in SecurityNews
Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service…
-
Roundcube XSS Flaw Allows Attackers to Inject Malicious Files
in SecurityNews
A critical Cross-Site Scripting (XSS) vulnerability has been discovered in the popular open-source webmail client, Roundcube, potentially exposing users to serious security risks. Tracked as CVE-2024-57004, the flaw affects Roundcube Webmail version 1.6.9 and allows remote authenticated users to upload malicious files disguised as email attachments. Once the malicious file is uploaded, the vulnerability can be triggered when the…
-
TP-Link Router Web Interface XSS Vulnerability PoC Exploit Released
in SecurityNews
A recently discovered Cross-site Scripting (XSS) vulnerability, CVE-2024-57514, affecting the TP-Link Archer A20 v3 Router has raised security concerns among users. The flaw CVE-2024-57514, identified in firmware version 1.0.6 Build 20231011 rel.85717(5553), allows attackers to execute arbitrary JavaScript code through the router’s web interface, potentially leading to malicious exploitation. Discovery of the Vulnerability: The vulnerability stems…
-
GitLab Security Update Patch for Multiple Vulnerabilities
in SecurityNews
GitLab, the widely adopted DevOps platform, has announced the immediate release of versions 17.8.1, 17.7.3, and 17.6.4 for both its Community Edition (CE) and Enterprise Edition (EE). These updates address multiple security vulnerabilities and provide critical fixes, underscoring GitLab’s commitment to maintaining the highest security standards. The vulnerabilities addressed in these updates include a high-severity Stored XSS via…
-
Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks
in SecurityNews
A new report has put the spotlight on potential security vulnerabilities within the popular open-source framework Next.js, demonstrating how improper caching mechanisms can lead to critical server-side cache poisoning attacks. Developed by Vercel, Next.js remains a cornerstone for building server-rendered React applications; however, its popularity has also made it a lucrative target for threat actors.…
-
IBM Watsonx.ai Vulnerability Let Attackers Trigger XSS Attacks
in SecurityNews
A recently disclosed vulnerability, identified as CVE-2024-49785, has been found in IBM watsonx.ai, including its integration with IBM Cloud Pak for Data. This vulnerability exposes users to cross-site scripting (XSS) attacks, potentially compromising sensitive information. IBM Watsonx.ai Vulnerability: The issue arises from improper input neutralization in the Web UI of IBM watsonx.ai. Authenticated users can exploit this flaw…
-
Malware targets Mac users by using Apple’s security tool
in SecurityNews
A variant of the Banshee macOS infostealer was seen duping detection systems with new string encryption copied from Apple’s in-house algorithm. Check Point research, which caught the variant after two months of successful evasion, said threat actors distributed Banshee using phishing websites and fake GitHub repositories, often impersonating popular software like Google Chrome, Telegram, and…
-
MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts
in SecurityNews
A critical vulnerability has been identified in the Mobile Security Framework (MobSF) that allows attackers to inject malicious scripts into the system. This vulnerability, CVE-2024-53999, is a Stored Cross-Site Scripting (XSS) flaw found in the >>Diff or Compare
-
VMware fixed five vulnerabilities in Aria Operations product
in SecurityNews
Virtualization giant VMware addressed multiple vulnerabilities in its Aria Operations product that can lead to privilege escalation and XSS attacks. VMware released security updates to address five vulnerabilities in its Aria Operations product. Aria Operations (formerly known as VMware vRealize Operations) is a comprehensive cloud management and operations platform developed by VMware. It is designed…
-
XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests
in SecurityNews
A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute malicious JavaScript and send crafted requests to interconnected Microsoft applications like Outlook, OneDrive, and Copilot. The exploit leveraged the trust placed in Bing’s root domain (www.bing.com) as an allowed origin across Microsoft’s ecosystem, posing a significant security risk. The Research…
-
Sonatype Nexus Repository Manager Hit by RCE XSS Vulnerability
in SecurityNews
Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two critical vulnerabilities affecting Nexus Repository 2.x OSS/Pro versions. These vulnerabilities, identified as CVE-2024-5082 and CVE-2024-5083, could potentially allow attackers to exploit the system through remote code execution (RCE) and cross-site scripting (XSS) attacks. All previous versions up to and including 2.15.1 are affected,…
-
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
in SecurityNews
Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a … First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html
-
GitLab Patches HTML Injection Flaw Leads to XSS Attacks
GitLab has announced the release of critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address a high-s… First seen on gbhackers.com Jump to article: gbhackers.com/gitlab-patches-html-injection-flaw/
-
DEF CON 32 AppSec Village: Securing Frontends at Scale; Paving our Way to Post XSS World
in SecurityNews
Authors/Presenters: Jen Ozmen, Aaron Shim. Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudit… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/def-con-32-appsec-village-securing-frontends-at-scalepaving-our-way-to-post-xss-world/
-
Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
in SecurityNews
Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country,… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/22/cve-2024-37383-exploited/
-
Roundcube credentials targeted via patched XSS vulnerability
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/roundcube-credentials-targeted-via-patched-xss-vulnerability
-
Roundcube Webmail Vulnerability Exploited in Government Attack
in SecurityNews
An XSS vulnerability in Roundcube Webmail has been targeted for code execution against a governmental organization in a CIS country. The post Roundcub… First seen on securityweek.com Jump to article: www.securityweek.com/roundcube-webmail-vulnerability-exploited-in-government-attack/
-
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitra… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html
-
XSS attacks possible with LiteSpeed Cache plugin vulnerability
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/xss-attacks-possible-with-litespeed-cache-plugin-vulnerability
-
Litespeed Cache Plugin Flaw Allows XSS Attack, Update Now
in SecurityNews
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/litespeed-cache-plugin-flaw-allows/
-
CISA and FBI Issue Alert on XSS Vulnerabilities
in SecurityNews
Cross-site scripting (XSS) vulnerabilities continue to be a major concern in today’s software landscape, despite being preventable. CISA and FBI have … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/cisa-and-fbi-issue-alert-on-xss-vulnerabilities/
-
CISA Urges Software Makers to Eliminate XSS Flaws
in SecurityNews
The latest Secure by Design alert from CISA outlines recommended actions security teams should implement to reduce the prevalence of cross-site script… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/cisa-urges-software-makers-eliminate-xss-flaws