Apache Superset Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2023-49657)

Apache Superset, an open-source data visualization software, is vulnerable to a flaw that could allow an attacker to perform stored cross-site scripting attacks. Tracked as CVE-2023-49657, the vulnerability has a critical severity with a CVSS score of 9.6. An attacker must be authenticated and have create/update permissions on charts or dashboards to exploit the vulnerability. An …

pfSense Releases Patch to Address Multiple Vulnerabilities (CVE-2023-42325, CVE-2023-42326, & CVE-2023-42327)

pfSense, an open-source firewall solution by Netgate, is vulnerable to command injection and cross-site scripting vulnerabilities tracked as CVE-2023-42325, CVE-2023-42327, & CVE-2023-42326. The vulnerabilities may lead to remote code execution when chained together. Oskar Zeino-Mahmalat of SonarSource has discovered and reported the vulnerabilities. pfSense is a computer software distribution based on FreeBSD. The firewall software helps with …

Zimbra Collaboration Suite Cross-Site Scripting Vulnerability (CVE-2023-37580) Added to CISA Known Exploited Vulnerabilities Catalog

Attackers are exploiting a critical Zimbra Collaboration Suite cross-site scripting vulnerability. CVE-2023-37580 affects the Zimbra Classic Web Client. Successful exploitation of the vulnerability may allow an attacker to compromise the confidentiality and integrity of the target system. CISA has added CVE-2023-37580 to its Known Exploited Vulnerabilities Catalog, urging users to apply the patch before …

Qualys Research Team Discovered Multiple Cross-Site Scripting Vulnerabilities in Webmin

The Qualys Research Team discovered nine high and critical severity vulnerabilities in Webmin. The successful exploitation of cross-site scripting (XSS) vulnerabilities could cause severe damage to users and the overall security of the application. Webmin is used to change and manage open-source applications like BIND DNS Server, Apache HTTP Server, PHP, MySQL, and many more, …

Citrix Application Delivery Controller (ADC) and Citrix Gateway Multiple Vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467)

A new critical severity vulnerability (CVE-2023-3519) in the NetScaler ADC and NetScaler Gateway is being exploited in the wild. CVE-2023-3519 may allow an unauthenticated attacker to perform remote code execution on the target system. The advisory addressed two more vulnerabilities: CVE-2023-3466 and CVE-2023-3467. Wouter Rijkbost and Jorren Geurts of Resillion have discovered the vulnerabilities addressed in …

Zimbra Collaboration Suite Cross-Site Scripting (XSS) Zero-day Vulnerability

There is a critical severity vulnerability affecting the Zimbra Collaboration Suite. The cross-site scripting vulnerability allows an attacker to impact the confidentiality and integrity of the user’s data. Zimbra has mentioned in the security update that “The fix is planned to be delivered in the July patch release.” Zimbra Collaboration Suite is a widely deployed …

Citrix ADC and Citrix Gateway Arbitrary File Read and Cross-Site Scripting Vulnerabilities (CVE-2023-24487 & CVE-2023-24488)

Petr Juhanak of Accenture, Dylan Pindur of Assetnote, and Wisdomtree of Ant Group Digital Financial Security Team have discovered two vulnerabilities in Citrix ADC and Citrix Gateway. CVE-2023-24487 may allow attackers to read arbitrary files. CVE-2023-24488 is a cross-site scripting vulnerability that may allow an attacker to execute JavaScript in the victim’s browser. Citrix ADC …

Jenkins Server Cross-Site Scripting (XSS) Vulnerability (CVE-2023-27898)

Researchers from Aqua Nautilus have identified a series of flaws in the widely used Jenkins Server and Update Center that they have termed CorePlague (CVE-2023-27898 and CVE-2023-27905). An unauthenticated attacker might be able to execute arbitrary code on the victim’s Jenkins server by exploiting these vulnerabilities. Successful exploitation could result in a complete compromise of …