HackDig : Dig high-quality web security articles for hacker

FIBARO System Home Center v5.021 Remote File Include XSS

Title: FIBARO System Home Center v5.021 Remote File Include XSS. Advisory ID: ZSL-2020-5563. Type: Local/Remote. Impact: Cross-Site Scripting. Risk: (3/5). Release Date: 22.03.2020. Summary: Imagine that you live in a house where everything happens by itself. FIBARO Smart Home take
Publish At:2020-03-22 14:49 | Read:149 | Comments:0 | Tags: Xss

Drupal addresses two XSS flaws by updating the CKEditor

Drupal developers released security updates for versions 8.8.x and 8.7.x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x and 8.7.x that address two XSS vulnerabilities that affect the CKEditor library. CKEditor is the far superior successor of FCKeditor, it i
Publish At:2020-03-20 07:06 | Read:227 | Comments:0 | Tags: Breaking News Security Drupal hacking news information secur

Drupal Updates CKEditor to Patch XSS Vulnerabilities

The developers of the Drupal content management system (CMS) announced on Wednesday that updates for versions 8.8.x and 8.7.x address a couple of vulnerabilities affecting the CKEditor library. CKEditor is a popular open source WYSIWYG editor that is highly configurable and has hundreds of features. Drupal uses CKEditor and it has decided to update it to vers
Publish At:2020-03-19 18:25 | Read:186 | Comments:0 | Tags: NEWS & INDUSTRY Vulnerabilities Xss

Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution

Hello, Please find a text-only version below sent to security mailing lists. The HTML version on "Multiple vulnerabilities found in Zyxel CNM SecuManager" is posted here: https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html === text-version of the advisory === -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ## Advisory
Publish At:2020-03-15 12:22 | Read:311 | Comments:0 | Tags: Xss

XSSer v.1.8[3] - "The HiV€!" released

Hi FD, I am glad to present a new release of this tool: - https://xsser.03c8.net --------- "Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. It provides several options to try to bypass certain filters and various special techniques for code injection." --
Publish At:2020-03-03 15:09 | Read:99 | Comments:0 | Tags: Xss

XSS plugin vulnerabilities plague WordPress users

by Danny Bradbury. Thousands of active WordPress plugins have been hit with a swathe of cross-site scripting (XSS) vulnerabilities that could give attackers complete control of sites. One of the affected plugins was designed to work with the popular WordPress ecommerce system WooCommerce. Researchers at NinTechNet found a vulnerability in the WordPress Flexible
Publish At:2020-03-03 08:07 | Read:213 | Comments:0 | Tags: Security threats Vulnerability Async cross-site scripting Fl

CVE-2020-5497 - MITREid Connect XSS

MITREid Connect OpenID-Connect-Java-Spring-Server <https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server> version 1.3.3 and earlier is vulnerable to Cross-Site Scripting; the user's name is included in *topbar.tag* and *header.tag* without being sanitized. A user can set their name to a value like: Test</script><script>alert(1)<
Publish At:2020-02-28 04:55 | Read:205 | Comments:0 | Tags: Xss

SEC Consult SA-20200225-0 :: Multiple Cross-site Scripting (XSS) Vulnerabilities in PHP-Fusion CMS

SEC Consult Vulnerability Lab Security Advisory < 20200225-0 > title: Multiple Cross-site Scripting (XSS) Vulnerabilities; product: PHP-Fusion CMS; vulnerable version: 9 - 9.03; fixed version: 9.03.30; CVE number: -; impact: Medium
Publish At:2020-02-25 12:26 | Read:286 | Comments:0 | Tags: Xss

Cookie-nabbing app could have served users side helping of XSS

by Danny Bradbury. A popular GDPR compliance WordPress plugin vendor has patched a flaw that rendered both site visitors and admins vulnerable to cookie-stealing cross-site scripting (XSS) attacks. The GDPR Cookie Consent plugin, created by WebToffee, claims over 700,000 users. The plug-in is a notification app that begs you to accept cookies when you first visi
Publish At:2020-02-15 12:43 | Read:362 | Comments:0 | Tags: Security threats Cookie consent cookies cross-site scripting

Fifthplay S.A.M.I - Service And Management Interface Unauthenticated Stored XSS

Title: Fifthplay S.A.M.I - Service And Management Interface Unauthenticated Stored XSS. Advisory ID: ZSL-2020-5561. Type: Local/Remote. Impact: Cross-Site Scripting. Risk: (4/5). Release Date: 28.01.2020. Summary: Fifthplay is a Belgian high-tech player and a subsidiary of Niko Gr
Publish At:2020-01-28 22:35 | Read:416 | Comments:0 | Tags: Xss

WEMS Enterprise Manager 2.58 (email) Reflected XSS

Title: WEMS Enterprise Manager 2.58 (email) Reflected XSS. Advisory ID: ZSL-2019-5551. Type: Local/Remote. Impact: Cross-Site Scripting. Risk: (3/5). Release Date: 29.12.2019. Summary: WEMS Enterprise Manager is a centralised management and monitoring system for many WEMS equipped
Publish At:2019-12-29 10:35 | Read:585 | Comments:0 | Tags: Xss

Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities

Title: Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities. Advisory ID: ZSL-2019-5543. Type: Local/Remote. Impact: Cross-Site Scripting. Risk: (3/5). Release Date: 30.11.2019. Summary: Carlo Gavazzi is an international company that develops, manufactures and sells elec
Publish At:2019-11-30 22:35 | Read:750 | Comments:0 | Tags: Xss Csrf

XSS Flaw in Gmail's Dynamic Email Feature Earns Researcher $5,000

A researcher has earned $5,000 from Google for an interesting cross-site scripting (XSS) vulnerability found in the dynamic email feature added a few months ago to Gmail. The dynamic email feature, also known as Accelerated Mobile Pages (AMP) for email or AMP4Email, enables the use of dynamic HTML content in emails, allowing users to conduct various tasks dir
Publish At:2019-11-20 12:01 | Read:594 | Comments:0 | Tags: NEWS & INDUSTRY Vulnerabilities Xss

SEC Consult SA-20191014-0 :: Reflected XSS vulnerability in OpenProject

SEC Consult Vulnerability Lab Security Advisory < 20191014-0 > title: Reflected XSS vulnerability; product: OpenProject; vulnerable version: <= 9.0.3, <= 10.0.1; fixed version: 9.0.4, 10.0.2; CVE number: CVE-2019-17092; impact: medium
Publish At:2019-10-18 10:50 | Read:868 | Comments:0 | Tags: Xss Vulnerability

Reflected XSS via Broken Link Checker v.1.11.8 WordPress Plugin

Document Title: Reflected XSS via `Broken Link Checker` v.1.11.8 WordPress plugin. Product Description: Broken Link Checker will monitor your blog looking for broken links and let you know if any are found. Homepage: https://managewp.com/ WordPress Plugin: https://wordpress.org/plugins/broken-link-checker/ PoC: 1) Login to y
Publish At:2019-10-18 10:50 | Read:735 | Comments:0 | Tags: Xss
