Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2023-44764: GitHub - sromanhu/ConcreteCMS-Stored-XSS---Site_Installation: Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the SI

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings.

CVE
Open in Source
#xss#vulnerability#web#git#java#auth
CVE-2023-27448: WordPress MakeStories (for Google Web Stories) plugin <= 2.8.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions.

CVE-2023-44766: GitHub - sromanhu/ConcreteCMS-Stored-XSS---SEO: Cross Site Scripting vulnerability in ConcreteCMS v.9.2.1 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Header Ext

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings.

Multi-factor authentication has proven it works, so what are we waiting for?

Categories: News Categories: Personal Amazon has announced it will require all privileged AWS to use MFA in the near future. Let's hope others follow. (Read more...) The post Multi-factor authentication has proven it works, so what are we waiting for? appeared first on Malwarebytes Labs.

Amazon Prime email scammer snatches defeat from the jaws of victory

Categories: News Categories: Scams A very convincing Amazon Prime scam landed in our mail server today and...went straight to spam. Here's why. (Read more...) The post Amazon Prime email scammer snatches defeat from the jaws of victory appeared first on Malwarebytes Labs.

CVE-2023-36465: Release v0.26.8 · decidim/decidim

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4.

Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike

Threat actors have been observed targeting semiconductor companies in East Asia with lures masquerading as Taiwan Semiconductor Manufacturing Company (TSMC) that are designed to deliver Cobalt Strike beacons. The intrusion set, per EclecticIQ, leverages a backdoor called HyperBro, which is then used as a conduit to deploy the commercial attack simulation software and post-exploitation toolkit.