Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Associated Press, ESPN, CBS among top sites serving fake virus alerts

A fake antivirus alert may suddenly hijack your screen while browsing. This latest malvertising campaign hit top publishers.

Malwarebytes
Open in Source
#vulnerability#web#ios#android#mac#windows#apple#google#js#java#php#chrome
Deluge of Nearly 300 Fake Apps Floods Iranian Banking Sector

No Iranian bank customers are safe from financially motivated cybercriminals wielding convincing but fake mobile apps.

8 Tips on Leveraging AI Tools Without Compromising Security

AI tools can deliver quick and easy results and offer huge business benefits — but they also bring hidden risks.

CVE-2023-6435: Multiple XSS vulnerabilities in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.

CVE-2023-48744: WordPress Availability Calendar plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6.

CVE-2023-40674: WordPress Simple URLs plugin <= 118 - Shortcode Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management allows Stored XSS.This issue affects Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management: from n/a through 118.

CVE-2023-41128: WordPress WP Roadmap plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Iqonic Design WP Roadmap – Product Feedback Board allows Stored XSS.This issue affects WP Roadmap – Product Feedback Board: from n/a through 1.0.8.

CVE-2023-41127: WordPress Evergreen Content Poster plugin <= 1.3.6.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media allows Stored XSS.This issue affects Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media: from n/a through 1.3.6.1.

CVE-2023-48284: WordPress Decorator – WooCommerce Email Customizer plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator – WooCommerce Email Customizer allows Cross Site Request Forgery.This issue affects Decorator – WooCommerce Email Customizer: from n/a through 1.2.7.