HackDig : Dig high-quality web security articles

Scraping Login Credentials With XSS

Unauthenticated JavaScript Fun In prior blog posts I’ve shown the types of weaponized XSS attacks one can perform against authenticated users, using their session to access and exfiltrate data, or perform actions in the application as that user. But what if you only have unauthenticated XSS? Perhaps your client hasn’t provided you with credent
Publish At:2022-07-07 11:04 | Read:317 | Comments:0 | Tags:Application Security Assessment Penetration Testing Red Team

BigBlueButton - Stored XSS in username (CVE-2022-31064)

CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton.=========================Exploit Title: Stored Cross-Site Scripting (XSS) in BigBlueButtonProduct: BigBlueButtonVendor: BigBlueButtonVulnerable Versions: 2.3, <2.4.8, <2.5.0Tested Version: 2.4.7Advisory Publication: Jun 22, 2022Latest Update: Jun 22, 2022Vulnerability Type: Cross-Site Script
Publish At:2022-07-01 05:29 | Read:468 | Comments:0 | Tags: Xss

Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

# Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS)vulnerability in SAP Focused Run (Real User Monitoring)## Impact on BusinessImpact depends on the victim's privileges. In most cases, a successfulattackallows an attacker to hijack a session, or force the victim to performundesired requestin SAP Focused Run.## Advisory Information- Public
Publish At:2022-06-21 13:30 | Read:1106 | Comments:0 | Tags: Xss Vulnerability security

Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

# Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS)vulnerability in SAP Fiori launchpad## Impact on BusinessImpact depends on the victim's privileges. In most cases, a successfulattackallows an attacker to hijack a session, or force the victim to performundesiredrequests in the SAP System (CSRF) as well as redirected to arbitrary website(O
Publish At:2022-06-21 13:30 | Read:935 | Comments:0 | Tags: Xss Vulnerability security

Serious vulnerabilities found in ITarian software, patches available for SaaS products

Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available to deal with these vulnerabilities for its SaaS platform. Software as a service (SaaS) is a software distribution model in which a cloud provider hosts applications and makes them available to end users over t
Publish At:2022-06-13 09:01 | Read:1108 | Comments:0 | Tags:Exploits and vulnerabilities cve-2022-25151 cve-2022-25152 c

LiquidFiles - 3.4.15 - Stored XSS - CVE-2021-30140

=====[ Tempest Security Intelligence - ADV-12/2021]==========================LiquidFiles - 3.4.15Author: Rodolfo TavaresTempest Security Intelligence - Recife, Pernambuco - Brazil=====[ Table of Contents]================================================== * Overview * Detailed description * Timeline of disclosure * Thanks & Acknowledgements * References==
Publish At:2022-05-18 18:30 | Read:1205 | Comments:0 | Tags: Xss

Gmail-linked Facebook accounts vulnerable to attack using a chain of bugs—now fixed

A security researcher has disclosed how he chained together multiple bugs in order to take over Facebook accounts that were linked to a Gmail account. Youssef Sammouda states it was possible to target all Facebook users but that it was more complicated to develop an exploit, and using Gmail was actually enough to demonstrate the impact of his discoveries.
Publish At:2022-05-17 16:57 | Read:1101 | Comments:0 | Tags:Exploits and vulnerabilities CAPTCHA csrf facebook gmail ifr

A stored XSS flaw in RainLoop allows stealing users’ emails

Experts disclose an unpatched vulnerability in the RainLoop webmail client, tracked as CVE-2022-29360, that can be exploited to steal users’ emails. RainLoop is an open-source web-based email client used by thousands of organizations, which is affected by a vulnerability, tracked as CVE-2022-29360, that can be exploited to steal users’ emails.
Publish At:2022-04-22 10:22 | Read:2068 | Comments:0 | Tags:Breaking News Hacking hacking news information security news

Persisting XSS With IFrame Traps

h1>XSS Iframe Traps Longer Running XSS Payloads An issue with cross-site scripting (XSS) attacks is that our injected JavaScript might not run for an extended period of time. It may be a reflected XSS vulnerability where we’ve tricked our user into clicking a link, but when they land on the page where we were able to inject our malicious JavaScri
Publish At:2022-04-14 12:00 | Read:2101 | Comments:0 | Tags:Penetration Testing Red Team Adversarial Attack Simulation S

Delta Controls enteliTOUCH 3.40.3935 Cross-Site Scripting (XSS)

Title: Delta Controls enteliTOUCH 3.40.3935 Cross-Site Scripting (XSS) Advisory ID: ZSL-2022-5703 Type: Local/Remote Impact: Cross-Site Scripting Risk: (3/5) Release Date: 14.04.2022SummaryenteliTOUCH - Touchscreen Building Controller. Get instantaccess to the heart of your BAS. The en
Publish At:2022-04-14 07:10 | Read:1719 | Comments:0 | Tags: Xss

Backdoor.Win32.Chubo.c / Cross Site Scripting (XSS)

pre>Discovery / credits: Malvuln - malvuln.com (c) 2022Original source:https://malvuln.com/advisory/c16b04a9879896ef453a6deb13528087_B.txtContact: malvuln13 () gmail comMedia: twitter.com/malvulnThreat: Backdoor.Win32.Chubo.cVulnerability: Cross Site Scripting (XSS)Family: ChuboType: Web PanelMD5: c16b04a9879896ef453a6deb13528087Vuln ID: MVID-2022-0528Disclo
Publish At:2022-03-28 22:36 | Read:626 | Comments:0 | Tags: Xss

ICT Protege GX/WX 2.08 Authenticated Stored XSS Vulnerability

Title: ICT Protege GX/WX 2.08 Authenticated Stored XSS Vulnerability Advisory ID: ZSL-2022-5699 Type: Local/Remote Impact: Cross-Site Scripting Risk: (3/5) Release Date: 21.03.2022SummaryProtege GX is an enterprise level integrated access control, intrusiondetection and b
Publish At:2022-03-21 09:10 | Read:1615 | Comments:0 | Tags: Xss Vulnerability

[CVE-2021-42063] SAP Knowledge Warehouse <= 7.50 "SAPIrExtHelp" Reflected XSS

RCE Security Advisoryhttps://www.rcesecurity.com1. ADVISORY INFORMATION=======================Product: SAP Knowledge WarehouseVendor URL: https://help.sap.com/viewer/816f1f952d244bbf9dd5063e2a0e66b0/7.5.21/en-US/4dc9605e4a9d6522e10000000a15822b.htmlType: Cross-Site Scripting [CWE-79]Date found: 2021-09-21Date published: 2022-03-17CVS
Publish At:2022-03-21 02:32 | Read:1913 | Comments:0 | Tags: Xss

BuilderTorCTPHPRAT.b / Remote Persistent XSS

Discovery / credits: Malvuln - malvuln.com (c) 2022Original source:https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7_C.txtContact: malvuln13 () gmail comMedia: twitter.com/malvulnThreat: BuilderTorCTPHPRAT.bVulnerability: Remote Persistent XSSFamily: TorCTPHPRATType: WebUIMD5: 838f67d7a4b6824ec59892057aab3bb7 (Webremote TorCT Client.exe)MD5: dc40
Publish At:2022-03-21 02:32 | Read:2017 | Comments:0 | Tags: Xss

Hades RAT - Web Panel / Remote Persistent XSS

Discovery / credits: Malvuln - malvuln.com (c) 2022Original source:https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24_C.txtContact: malvuln13 () gmail comMedia: twitter.com/malvulnThreat: Hades RAT - Web PanelVulnerability: Remote Persistent XSSFamily: HadesType: WebUIMD5: c4cc1317aea42f7dd4a1b786c5278a24MD5: d1d082cbb2a394c8974e734e2ad9f226 (inde
Publish At:2022-03-15 02:32 | Read:556 | Comments:0 | Tags: Xss

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud