Tag: xss
-
Microsoft Saved Console files, Windows XSS bug leveraged in novel attack
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/microsoft-saved-console-files-windows-xss-bug-leveraged-in-novel-attack
-
New attack uses MSC files and Windows XSS flaw to breach networks
A novel command execution technique dubbed ‘GrimResource’ uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to pe… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-grimresource-attack-uses-msc-files-and-windows-xss-flaw-to-breach-networks/
-
Hackers Use Windows XSS Flaw To Execute Arbitrary Command In MMC Console
Attackers are leveraging a new infection technique called GrimResource that exploits MSC files. By crafting malicious MSC files, they can achieve full… First seen on gbhackers.com Jump to article: gbhackers.com/windows-xss-flaw-mmc-command-execution/
-
NCB Buenos Aires Faces Alleged Threat from XSS and CSRF Vulnerabilities
The National Central Bureau (NCB) Buenos Aires, a vital division of Interpol in Argentina, has been listed by a dark web actor, claiming to leak metho… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ncb-buenos-aires-xss-and-csrf-vulnerabilities/
-
0-day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads
A significant vulnerability, tracked as CVE-2024-37629, has been discovered in SummerNote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code Vi… First seen on gbhackers.com Jump to article: gbhackers.com/0day-vulnerability-xss-payloads/
-
XSS Vulnerabilities Found in WordPress Plugin Slider Revolution
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/xss-flaws-wordpress-plugin-slider/
-
Hackers Exploiting Stored XSS Vulnerabilities in WordPress Plugins
In recent cyberattacks, hackers are actively exploiting stored cross-site scripting (XSS) vulnerabilities in various WordPress plugins. According to F… First seen on gbhackers.com Jump to article: gbhackers.com/exploiting-stored-xss-vulnerabilities/
-
Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors
Malicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites. First seen on securityweek.com Jump to article: www.securityweek.com/critical-wordpress-plugin-flaws-exploited-to-inject-malicious-scripts-and-backdoors/
-
An XSS flaw in GitLab allows attackers to take over accounts
GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fix… First seen on securityaffairs.com Jump to article: securityaffairs.com/163649/hacking/gitlab-xss-flaw.html
-
LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
Is your WordPress site using LiteSpeed Cache? A recent surge in malicious JavaScript injections targets vulnerable versions. Learn how to identify the… First seen on hackread.com Jump to article: www.hackread.com/litespeed-cache-plugin-xss-vulnerability-wordpress-sites/
-
Cisco warns of XSS flaw in end-of-life small business routers
Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw. Cisco warns of a Small Busine… First seen on securityaffairs.com Jump to article: securityaffairs.com/161540/security/cisco-eof-routers-xss.html
-
Multiple Cisco Small Business Routers Vulnerable to XSS Attacks
Cisco has alerted its customers about a critical vulnerability affecting several Small Business RV Series Routers models. This vulnerability, CVE-2024… First seen on gbhackers.com Jump to article: gbhackers.com/vulnerable-to-xss-attacks/
-
XSS flaw in WordPress WP-Members Plugin can lead to script injection
A cross-site scripting vulnerability (XSS) in the WordPress WP-Members Membership plugin can lead to malicious script injection. Researchers from Defi… First seen on securityaffairs.com Jump to article: securityaffairs.com/161407/hacking/wordpress-wp-members-plugin-xss.html
-
Hackers Selling GlorySprout Malware with Anti-VM Features in Underground Forum for $300
GlorySprout stealer, advertised on the XSS forum in early March 2024, is a C++ stealer sold for $300 with lifetime access and temporary payload encryp… First seen on gbhackers.com Jump to article: gbhackers.com/glorysprout-malware/
-
LockBit’s Conversation on XSS Forum with an Initial Access Broker
In February of 2024, admins of the Russian hacking forum XSS banned the primary LockBit account active on the forum. The ban was the result of a dispu… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/lockbits-conversation-on-xss-forum-with-an-initial-access-broker/
-
WordPress Plugin Flaw Exposes 200,000+ Websites to XSS Attacks
Over 200,000 websites have been left vulnerable to Cross-Site Scripting (XSS) attacks due to a flaw in the Ultimate Member plugin for WordPress. This … First seen on gbhackers.com Jump to article: gbhackers.com/wordpress-plugin-flaw/
-
WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attack
A recent surge in attacks from a new malware campaign exploits a known vulnerability in the WordPress plugin Popup Builder, infecting over 3,300 websi… First seen on gbhackers.com Jump to article: gbhackers.com/wordpress-builder-plugin-flaw/
-
OpenNMS XSS Flaw Let Attackers Inject JavaScript Payload
A critical vulnerability in OpenNMS, a widely used network monitoring solution, has been identified, allowing attackers to inject malicious JavaScript… First seen on gbhackers.com Jump to article: gbhackers.com/opennms-xss-attackers-javascript/
-
Authorities Claim LockBit Admin LockBitSupp Has Engaged with Law Enforcement
LockBitSupp, the individual(s) behind the persona representing the LockBit ransomware service on cybercrime forums such as Exploit and XSS, has engage… First seen on thehackernews.com Jump to article: thehackernews.com/2024/02/authorities-claim-lockbit-admin.html
-
11 Expert Web Application Security Best Practices for 2024
Are your web applications vulnerable? Explore the top web application security best practices to defend against attacks like XSS, SQL injection, and C… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/02/11-expert-web-application-security-best-practices-for-2024/
-
Joomla XSS Bugs Open Millions of Websites to RCE
First seen on darkreading.com Jump to article: www.darkreading.com/application-security/joomla-xss-bugs-open-millions-websites-rce
-
Joomla: Multiple XSS Vulnerabilities
Our Clean Code solution, SonarCloud, led us to a severe security issue in the popular Content Management System Joomla. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/02/joomla-multiple-xss-vulnerabilities/
-
Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)
CVE-2023-43770, a vulnerability in the Roundcube webmail software that was fixed in September 2023, is being exploited by attackers in the wild, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/02/13/cve-2023-43770/
-
Tenable warns of exploitation of a stored XSS vulnerability
Organizations should take action on Apache Airflow instances already deployed in their AWS- or GCP-managed services, because … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/tenable-warnt-vor-ausnutzung-einer-stored-xss-schwachstelle/a35685/
-
‘ResumeLooters’ Attackers Steal Millions of Career Records
The cyberattackers used SQL injection and XSS to target 65 retail companies and job recruiters, stealing databases with unique emails and other sensit… First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/-resumelooters-attackers-steal-millions-career-records
-
Cross-site scripting explained: What is an XSS attack?
First seen on csoonline.com Jump to article: www.csoonline.com/de/a/was-ist-ein-xss-angriff
-
Tumblr worm proliferated due to XSS flaw
First seen on http: Jump to article: net-security.org/secworld.php
-
[Video] Microsoft Help Center Xss And Command Execution Browser Exploit On Backtrack 5 R3
Help and Support Center is the default application provided to access online documentation for Microsoft Windows. Microsoft supports accessing help do… First seen on http: Jump to article: feedproxy.google.com/~r/SecurityTube/~3/t6yN6HytEcM/6298
-
XSS vulnerability in 4shared and NATO Multimedia Library Exposed
Inj3ct0r Team found a cross-site scripting vulnerability in 4shared, a file sharing site. Vulnerabil… First seen on http: Jump to article: thehackernews.com/2012/11/xss-vulnerability-in-4shared-and-nato.html
-
eBay Patches Critical XSS, SQL Holes
Developers at the popular online auction site eBay recently patched two potentially critical vulnerabilities, a cross-site scripting bug and a SQL inj… First seen on http: Jump to article: threatpost.com/en_us/blogs/yahoo-mail-cross-site-scripting-attack-sale-112612

