Security News

DalFox is an open-source tool for automating the detection of XSS vulnerabilities. With powerful testing capabilities and a wide range of features, it makes scanning, analyzing parameters, and...

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited...

Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have...

Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user...

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions....

CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping.

Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting and authentication bypass vulnerabilities in several WiFi 6 router models. The stored XSS security flaw impacts the XR1000 Nighthawk gaming router.

A novel command execution technique dubbed 'GrimResource' uses specially crafted MSC files and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console. After Microsoft fixed this issue in ISO files and 7-Zip added the option to propagate MoTW flags, attackers were forced to switch to new attachments, such as Windows Shortcuts and OneNote files.

Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. The vendor has addressed the security issues, which impact multiple versions of Joomla, and fixes are present in versions 5.0.3 and 4.4.3 of the CMS. Joomla's advisory notes that CVE-2024-21725 is the vulnerability with the highest severity risk and has a high exploitation probability.