Experimental News Clipping Site

Tag: cross-site scripting

  • Hacker News: Python’s official documentation contains textbook example of insecure code (XSS)

    by

    Kurt Seifried
    in

    Source URL: https://seclists.org/fulldisclosure/2025/Feb/15 Source: Hacker News Title: Python’s official documentation contains textbook example of insecure code (XSS) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text highlights a critical security issue within Python’s documentation related to Cross-Site Scripting (XSS) vulnerabilities stemming from examples in the CGI module. This poses significant risks for web…

  • Cisco Talos Blog: ClearML and Nvidia vulns

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/clearml-and-nvidia-vulns/ Source: Cisco Talos Blog Title: ClearML and Nvidia vulns Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.   For Snort…

  • Bulletins: Vulnerability Summary for the Week of January 27, 2025

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/bulletins/sb25-034 Source: Bulletins Title: Vulnerability Summary for the Week of January 27, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 0xPolygonZero–plonky2  Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always…

  • The Register: VMware plugs steal-my-credentials holes in Cloud Foundation

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/30/vmware_infomration_disclosure_flaws/ Source: The Register Title: VMware plugs steal-my-credentials holes in Cloud Foundation Feedly Summary: Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom’s virtualization giant Broadcom has fixed five flaws, collectively deemed “high severity," in VMware’s IT operations and log management tools within Cloud Foundation, including two information disclosure bugs…

  • Cisco Talos Blog: Whatsup Gold, Observium and Offis vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/whatsup-gold-observium-offis-vulnerabilities/ Source: Cisco Talos Blog Title: Whatsup Gold, Observium and Offis vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold.   These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries and applications…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/23/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…