XSS Archives - Cyber Security Minute

MITRE Publishes 2022 List of 25 Most Dangerous Vulnerabilities

Issued by: Security Week

The 2022 CWE Top 25 Most Dangerous Software Weaknesses list contains the most common and impactful weaknesses, and is based on the analysis of nearly 38,000 CVE records from the previous two years. Out-of-bounds write and cross-site scripting (XSS) remain the two most dangerous vulnerabilities. Some of the most significant changes include race conditions moving…

Vulnerabilities

WordPress 5.8.1 Patches Several Vulnerabilities

Issued by: Security Week

Users have been informed that the latest update includes three security fixes, including for a data exposure flaw related to the REST API, and a cross-site scripting (XSS) issue in the block editor. WordPress 5.8.1 also updates Lodash, a JavaScript library that provides utility functions for common programming tasks, to address security issues. These vulnerabilities…

Vulnerabilities

XSS Vulnerability in Cisco Security Products Exploited in the Wild

Issued by: Security Week

Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept (PoC) exploit for the vulnerability tracked as CVE-2020-3580. Others also released PoC exploits shortly after. CVE-2020-3580 is one of the several XSS vulnerabilities patched in October 2020 by Cisco in its ASA and FTD products. Some of these flaws were reported…

Vulnerabilities

Details Disclosed for GitHub Pages Flaws That Earned Researchers $35,000

Issued by: Security Week

GitHub Pages is a service that individuals and organizations can use to host websites. The sites can be hosted on a custom domain or the github.io domain, and the code for the website is taken directly from a private or public GitHub repository. The pages themselves can also be private or public. Over the weekend,…

Cloud Security

Adobe Patches Code Execution Flaws in Connect, Creative Cloud, Framemaker

Issued by: Security Week

In the Creative Cloud desktop application, Adobe fixed three flaws rated critical, including arbitrary file overwrite and OS command injection issues that can lead to code execution, and an improper input validation issue that can be exploited for privilege escalation. In its Connect product, the company addressed one critical input validation issue that can result…

Vulnerabilities

Information Disclosure, XSS Vulnerabilities Patched in Drupal

Issued by: Security Week

The most serious of the flaws is CVE-2020-13668, a critical XSS issue affecting Drupal 8 and 9. It’s worth noting that Drupal uses the NIST Common Misuse Scoring System to determine security risk levels and critical is the second highest level, after highly critical. The issue is a reflected XSS and exploitation is only possible…

Malware & Threats

COVID-19 affects web traffic and attack trends

Issued by: Help Net Security

There have been significant changes in web attack and traffic trends as a result of COVID-19, according to Imperva. The monthly report also revealed that the Cyber Threat Index remains at a ‘high’ level and the financial services sector has been suffering the most from cross-scripting site (XSS) attacks, and a continued increase in attacks…

Application Security, Network Security

Most credential abuse attacks against the financial sector targeted APIs

Issued by: Help Net Security

From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. According to data from Akamai, up to 75% of all credential abuse attacks against the financial services industry targeted APIs directly. According to the report’s…

Vulnerabilities

Yahoo Pays Out $10,000 Bounty for Critical Mail Flaw

Issued by: Security Week

A researcher has earned $10,000 for finding a critical Yahoo! Mail vulnerability that could have been exploited simply by getting the targeted user to open a specially crafted email. Nearly one year ago, Jouko Pynnönen of Finland-based software company Klikki Oy discovered a stored cross-site scripting (XSS) vulnerability in the web version of the Yahoo!…