#xss

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions.

CrafterCMS versions 4.0.2 and below suffer from multiple cross site scripting vulnerabilities.

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

FreshRSS version 1.11.1 suffers from an html injection vulnerability.

Forum Fire Soft Board version 0.3.0 suffers from a cross site scripting vulnerability.

FlightPath LMS version 4.8.2 suffers from a cross site scripting vulnerability.

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions.

Categories: Threat Intelligence Tags: darkgate Tags: autoit Tags: malvertising Tags: seo poisoning The new version of the DarkGate malware is currently actively being distributed via malspam, malicious ads and SEO poisoning. (Read more...) The post DarkGate reloaded via malvertising and SEO poisoning campaigns appeared first on Malwarebytes Labs.

An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.