XSS

Vulnerabilities

Issued by: Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube Webmail Persistent Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2023-43770, to its Known Exploited Vulnerabilities (KEV) catalog. Roundcube is an open-source web-based email client. It provides a user-friendly interface for accessing email accounts via a web browser. Users can send and receive emails, manage their…

Application Security

Issued by: Dark Reading

Application security posture management (ASPM) is a method of managing and improving the security of software applications. It encompasses the processes, tools, and practices designed to identify, classify, and mitigate security vulnerabilities across an application’s life cycle. It includes scanning for vulnerabilities, tracking identified vulnerabilities, managing patch processes, and implementing continuous monitoring and improvement procedures….

Cloud Security

Issued by: Dark Reading

Microsoft has patched what researchers called a “dangerous” flaw in its Azure Service Fabric component of the company’s cloud-hosting infrastructure. If exploited, it would have allowed an unauthenticated, malicious actor to execute code on a container hosted on the platform. Researchers from Orca Security discovered the cross-site scripting (XSS) flaw — which they dubbed Super…

Vulnerabilities

Issued by: Security Week

One of the high-severity issues affects FortiTester and it allows an authenticated attacker to execute commands via specially crafted arguments to existing commands. FortiSIEM is affected by a vulnerability that allows a local attacker with command-line access to perform operations on the Glassfish server directly via a hardcoded password. The remaining high-severity flaws are stored…

Vulnerabilities

Issued by: Security Week

The 2022 CWE Top 25 Most Dangerous Software Weaknesses list contains the most common and impactful weaknesses, and is based on the analysis of nearly 38,000 CVE records from the previous two years. Out-of-bounds write and cross-site scripting (XSS) remain the two most dangerous vulnerabilities. Some of the most significant changes include race conditions moving…

Vulnerabilities

Issued by: Security Week

Users have been informed that the latest update includes three security fixes, including for a data exposure flaw related to the REST API, and a cross-site scripting (XSS) issue in the block editor. WordPress 5.8.1 also updates Lodash, a JavaScript library that provides utility functions for common programming tasks, to address security issues. These vulnerabilities…

Vulnerabilities

Issued by: Security Week

Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept (PoC) exploit for the vulnerability tracked as CVE-2020-3580. Others also released PoC exploits shortly after. CVE-2020-3580 is one of the several XSS vulnerabilities patched in October 2020 by Cisco in its ASA and FTD products. Some of these flaws were reported…

Cloud Security

Issued by: Security Week

In the Creative Cloud desktop application, Adobe fixed three flaws rated critical, including arbitrary file overwrite and OS command injection issues that can lead to code execution, and an improper input validation issue that can be exploited for privilege escalation. In its Connect product, the company addressed one critical input validation issue that can result…