Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

GHSA-jrvr-gmqv-hgrh: Subrion CMS is vulnerable to Cross-Site Scripting (XSS)

A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS in version 4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.

ghsa
Open in Source
#xss#vulnerability#web#git#intel
CVE-2022-32588: TALOS-2022-1544 || Cisco Talos Intelligence Group

An out-of-bounds write vulnerability exists in the PICT parsing pctwread_14841 functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-25932: TALOS-2022-1523 || Cisco Talos Intelligence Group

The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.

CVE-2022-29888: TALOS-2022-1522 || Cisco Talos Intelligence Group

A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-28689: TALOS-2022-1521 || Cisco Talos Intelligence Group

A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-26023: TALOS-2022-1520 || Cisco Talos Intelligence Group

A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-43120: Cross Site Scripting (XSS) in Add Field Page · Issue #894 · intelliants/subrion

A cross-site scripting (XSS) vulnerability in the /panel/fields/add component of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Field default value text field.

CVE-2022-43121: Cross Site Scripting (XSS) in Members Add · Issue #895 · intelliants/subrion

A cross-site scripting (XSS) vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field.

Industrial Control Systems (ICS) Security Market Worth $23.7B by 2027, Report Says

The market growth is driven by the convergence of IT and OT systems. By region, North America is estimated to account for the largest market size during the forecast period.

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as well as historic APT29 targeting," Mandiant researcher Thibault Van Geluwe de Berlaere said in a technical write-up.