HackDig : Dig high-quality web security articles for hackers

Navy Federal Reflective Cross Site Scripting (XSS)

Vendor: Navy Federal - (https://www.navyfederal.org/
Product: Front public facing application
Credit: Arthrocyber, http://arthrocyber.com/research/#finding_7, David Reyes
Vulnerability Summary
Publish At:2020-09-18 16:33 | Read:109 | Comments:0 | Tags: Xss

Drupal addressed XSS and information disclosure flaws

Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) flaws in the popular content management system (CMS). Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) vulnerabilities in the popular content management system (CMS). The most severe issue, tracked as CVE-2020-13668, is a
Publish At:2020-09-17 14:35 | Read:108 | Comments:0 | Tags:Breaking News Hacking Drupal hacking news information disclo

Information Disclosure, XSS Vulnerabilities Patched in Drupal

Several information disclosure and cross-site scripting (XSS) vulnerabilities, including one rated critical, have been patched this week in the Drupal content management system (CMS). The most serious of the flaws is CVE-2020-13668, a critical XSS issue affecting Drupal 8 and 9. It’s worth noting that Drupal uses the NIST Common Misuse Scoring System to deter
Publish At:2020-09-17 11:48 | Read:141 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Xss

SEC Consult SA-20200728-0 :: Stored Cross-Site Scripting (XSS) Vulnerability in Namirial SIGNificant SignAnyWhere

SEC Consult Vulnerability Lab Security Advisory < 20200728-0 >
=======================================================================
title: Stored Cross-Site Scripting (XSS) Vulnerability
product: Namirial SIGNificant SignAnyWhere
vulnerable version: v6.10.60.25434 (SSP v4.22.60.25434) v6.10.100.25817 (SSP v
Publish At:2020-07-29 15:35 | Read:183 | Comments:0 | Tags: Xss Vulnerability

KingComposer fixes a reflected XSS impacting 100,000 WordPress sites

An XSS vulnerability in the KingComposer page builder for WordPress impacts 100,000 websites using the WordPress plugin. Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites. KingCompo
Publish At:2020-07-10 09:25 | Read:339 | Comments:0 | Tags:Breaking News Hacking Security information security news IT

CVE-2019-19935 - DOM XSS in Froala WYSIWYG HTML Editor

COMPASS SECURITY ADVISORY
https://www.compass-security.com/research/advisories/
Product: Froala WYSIWYG HTML Editor
Vendor: Froala
CSNC ID: CSNC-2020-004
CVE ID: CVE-2019-19935
Subject: DOM XSS in Froala WYSIWYG HTML Edi
Publish At:2020-07-03 13:50 | Read:1502 | Comments:0 | Tags: Xss

SEC Consult SA-20200701-0 :: Reflected Cross-Site Scripting (XSS) in EQDKP Plus CMS

SEC Consult Vulnerability Lab Security Advisory < 20200701-0 >
=======================================================================
title: Reflected Cross-Site Scripting (XSS) Vulnerability
product: EQDKP Plus CMS
vulnerable version: <= 2.3.29
fixed version: 2.3.30
CVE number: -
impact: Low
Publish At:2020-07-01 17:05 | Read:300 | Comments:0 | Tags: Xss

WebUntis: Stored XSS (Filter Bypass)

I. VULNERABILITY
-------------------------
WebUntis 2020.12.1 - (Authenticated) Cross Site Scripting
II. BACKGROUND
-------------------------
WebUntis is a tool for schools and universities to deliver electronic timetables to their students. Depending on the activated modules it does also contain sensitive information within the integrated class-register and gr
Publish At:2020-06-09 16:11 | Read:445 | Comments:0 | Tags: Xss

SuperBackup v2.0.5 iOS - (VCF) Persistent XSS Vulnerability

Document Title: SuperBackup v2.0.5 iOS - (VCF) Persistent XSS Vulnerability
References (Source): https://www.vulnerability-lab.com/get_content.php?id=2202
Release Date: 2020-04-15
Vulnerability Laboratory ID (VL-ID): 2202
Common Vulnerability Scoring System:
Publish At:2020-04-15 08:11 | Read:916 | Comments:0 | Tags: IOS Xss Vulnerability

WSO2 API Manager Stored XSS Vulnerability

Document Title: WSO2 API Manager Stored XSS Vulnerability
Common Vulnerability Scoring System: 5.4
CVE: N/A
Security Advisory: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0700
Latest Release after Fixing Vuln: V 3.1.0 (h
Publish At:2020-04-14 16:43 | Read:826 | Comments:0 | Tags: Xss

SEC Consult SA-20200407-0 :: Multiple XSS vulnerabilities in TAO Open Source Assessment Platform

SEC Consult Vulnerability Lab Security Advisory < 20200407-0 >
=======================================================================
title: Multiple XSS vulnerabilities
product: TAO Open Source Assessment Platform
vulnerable version: 3.3.0 RC2
fixed version: -
CVE number: -
impact: medium
home
Publish At:2020-04-07 12:33 | Read:578 | Comments:0 | Tags: Xss

Tricks for Weaponizing XSS

In this blog post, we will look at some simple JavaScript tricks for creating weaponized cross-site scripting (XSS) payloads. If less reading more videoing is your thing, watch this topic in webinar form here: https://www.trustedsec.com/events/webinar-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit/ Often, penetration testers
Publish At:2020-03-30 11:22 | Read:603 | Comments:0 | Tags:Application Security Assessment Penetration Testing Xss

FIBARO System Home Center v5.021 Remote File Include XSS

Title: FIBARO System Home Center v5.021 Remote File Include XSS
Advisory ID: ZSL-2020-5563
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 22.03.2020
Summary
Imagine that you live in a house where everything happens by itself. FIBARO Smart Home take
Publish At:2020-03-22 14:49 | Read:927 | Comments:0 | Tags: Xss

Drupal addresses two XSS flaws by updating the CKEditor

Drupal developers released security updates for versions 8.8.x and 8.7.x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x and 8.7.x that address two XSS vulnerabilities that affect the CKEditor library. CKEditor is the far superior successor of FCKeditor, it i
Publish At:2020-03-20 07:06 | Read:799 | Comments:0 | Tags:Breaking News Security Drupal hacking news information secur

Drupal Updates CKEditor to Patch XSS Vulnerabilities

The developers of the Drupal content management system (CMS) announced on Wednesday that updates for versions 8.8.x and 8.7.x address a couple of vulnerabilities affecting the CKEditor library. CKEditor is a popular open source WYSIWYG editor that is highly configurable and has hundreds of features. Drupal uses CKEditor and it has decided to update it to vers
Publish At:2020-03-19 18:25 | Read:696 | Comments:0 | Tags:NEWS & INDUSTRY Vulnerabilities Xss
