Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-35585: Cross-site Scripting (XSS) - Stored in forkcms

A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter

CVE
#xss#web#ios#google#java
CVE-2022-35589: Cross-site Scripting (XSS) - Generic in forkcms

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.

CVE-2022-35590: Cross-site Scripting (XSS) - Generic in forkcms

A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter

CVE-2022-35587: Cross-site Scripting (XSS) - Generic in forkcms

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter

Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow

A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges.

Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow

A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges.

Gas Agency Management 2022 SQL Injection / XSS / Shell Upload

Gas Agency Management 2022 suffers from cross site scripting, remote SQL injection, and remote shell upload vulnerabilities.

BHUSA: Make sure your security bug bounty program doesn’t create a data leak of its own

Researchers, organizations, and bug disclosure platforms can all make improvements to help protect user data

Researchers found one-click exploits in Discord and Teams

Categories: Exploits and vulnerabilities Categories: News Tags: Discord Tags: Spotify Tags: MicrosoftTeams Tags: Electron Tags: ElectronJS Tags: NodeJS Tags: V8 Chrome Tags: Log4Shell Tags: Log4j A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, and many others (Read more...) The post Researchers found one-click exploits in Discord and Teams appeared first on Malwarebytes Labs.