CVE-2023-5538
via "National Vulnerability Database".
The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-45049
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.7 versions.
CVE-2023-45057
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hitsteps Web Analytics plugin <= 5.86 versions.
CVE-2023-45727
via "National Vulnerability Database".
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
Data Security and Collaboration in the Modern Enterprise
via "Dark Reading".
The CISO Survival Guide explores the complex and shifting challenges, perceptions, and innovations that will shape how organizations securely expand in the future.
Israeli Cybersecurity Startups: Impact of a Growing Conflict
via "Dark Reading".
For Israeli startups and those closely linked to the country, the deepening crisis in the Middle East following the deadly Hamas attacks of Oct. 7 poses a fraught mix of complications.
Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems
via "Dark Reading".
The hacktivists known as SiegedSec identify ICS targets, but there's no evidence of attacks yet.
The Need for a Cybersecurity-Centric Business Culture
via "Dark Reading".
Building a culture of cybersecurity is achievable by acknowledging its importance and consistently reinforcing that message.
The Fake Browser Update Scam Gets a Makeover
via "Krebs on Security".
One of the oldest malware tricks in the book -- hacked websites claiming visitors need to update their Web browser before they can view any content -- has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.
CVE-2023-45072
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kardi Order auto complete for WooCommerce plugin <= 1.2.0 versions.
CVE-2023-46007
via "National Vulnerability Database".
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.
CVE-2023-32087
via "National Vulnerability Database".
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation.
CVE-2023-45070
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions.
CVE-2023-46005
via "National Vulnerability Database".
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.
CVE-2023-45065
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 versions.
CVE-2023-45071
via "National Vulnerability Database".
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin <= 1.15.18 versions.
CVE-2023-45073
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Koch Mendeley Plugin plugin <= 1.3.2 versions.
CVE-2023-32088
via "National Vulnerability Database".
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation.
CVE-2023-31217
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MyTechTalky User Location and IP plugin <= 1.6 versions.
CVE-2023-46004
via "National Vulnerability Database".
Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function.
CVE-2023-45067
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions.