Tag: cross-site scripting (XSS)
-
Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/02/25/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability Users and administrators are also encouraged…
-
Hacker News: Python’s official documentation contains textbook example of insecure code (XSS)
Source URL: https://seclists.org/fulldisclosure/2025/Feb/15 Source: Hacker News Title: Python’s official documentation contains textbook example of insecure code (XSS) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text highlights a critical security issue within Python’s documentation related to Cross-Site Scripting (XSS) vulnerabilities stemming from examples in the CGI module. This poses significant risks for web…
-
The Register: VMware plugs steal-my-credentials holes in Cloud Foundation
Source URL: https://www.theregister.com/2025/01/30/vmware_infomration_disclosure_flaws/ Source: The Register Title: VMware plugs steal-my-credentials holes in Cloud Foundation Feedly Summary: Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom’s virtualization giant Broadcom has fixed five flaws, collectively deemed “high severity," in VMware’s IT operations and log management tools within Cloud Foundation, including two information disclosure bugs…