🛡 Cybersecurity & Privacy 🛡 - News
@cibsecurity
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
🛡 Cybersecurity & Privacy 🛡 - News
25.9K subscribers
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5320

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

📖 Read

via "National Vulnerability Database".
290 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43711

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "admin_firstname" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.

📖 Read

via "National Vulnerability Database".
286 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5227

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

📖 Read

via "National Vulnerability Database".
246 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5317

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

📖 Read

via "National Vulnerability Database".
215 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43706

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "email_templates_key" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.

📖 Read

via "National Vulnerability Database".
230 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43704

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "title" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.

📖 Read

via "National Vulnerability Database".
217 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43705

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.

📖 Read

via "National Vulnerability Database".
230 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5316

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

📖 Read

via "National Vulnerability Database".
259 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43707

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.

📖 Read

via "National Vulnerability Database".
226 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5295

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

📖 Read

via "National Vulnerability Database".
317 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5201

The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.

📖 Read

via "National Vulnerability Database".
306 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5319

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

📖 Read

via "National Vulnerability Database".
254 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43709

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.

📖 Read

via "National Vulnerability Database".
247 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43710

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.

📖 Read

via "National Vulnerability Database".
306 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43703

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.

📖 Read

via "National Vulnerability Database".
386 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43708

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.

📖 Read

via "National Vulnerability Database".
1
472 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5318

Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.

📖 Read

via "National Vulnerability Database".
1
520 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5300

A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939.

📖 Read

via "National Vulnerability Database".
574 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-5301

A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940.

📖 Read

via "National Vulnerability Database".
👍1
630 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2022-4956

A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.

📖 Read

via "National Vulnerability Database".
543 views
🛡 Cybersecurity & Privacy 🛡 - News
CVE-2023-43720

Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.This vulnerability allows attackers to inject JS through the "BILLING_GENDER_TITLE[1]" parameter,potentially leading to unauthorized execution of scripts within a user's web browser.

📖 Read

via "National Vulnerability Database".
461 views