Cloud Security Alliance News Clipping Site

Tag: cross-site scripting

  • Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability CVE-2024-21287 Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability…

  • The Register: D-Link tells users to trash old VPN routers over bug too dangerous to identify

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/20/dlink_rip_replace_router/ Source: The Register Title: D-Link tells users to trash old VPN routers over bug too dangerous to identify Feedly Summary: Vendor offers 20% discount on new model, but not patches Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a…

  • Hacker News: Go-Safeweb

    by

    system automation
    in

    Source URL: https://github.com/google/go-safeweb Source: Hacker News Title: Go-Safeweb Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the development of a set of secure-by-default libraries for creating HTTP servers in Go. It emphasizes the need to eliminate common security vulnerabilities through careful API design, offering insights into how these libraries can help…

  • Alerts: CISA Adds Five Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-adds-five-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Five Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-26086 Atlassian Jira Server and Data Center Path Traversal Vulnerability CVE-2014-2120 Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability CVE-2021-41277 Metabase GeoJSON API Local…

  • Hacker News: Bad Software Keeps Cyber Security Companies in Business

    by

    system automation
    in

    Source URL: https://www.dogesec.com/blog/bad_software_keeps_security_industry_in_business/ Source: Hacker News Title: Bad Software Keeps Cyber Security Companies in Business Feedly Summary: Comments AI Summary and Description: Yes **Summary**: The text provides an analysis of vulnerability trends based on CVE and CWE data from October 2023 to September 2024. It highlights that a significant number of developers still hardcode credentials…

  • Bulletins: Vulnerability Summary for the Week of October 28, 2024

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/bulletins/sb24-309 Source: Bulletins Title: Vulnerability Summary for the Week of October 28, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info acnoo — flutter_api  Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API:…

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious…

  • CSA: Simulate Session Hijacking in Your SaaS Applications

    by

    system automation
    in

    Source URL: https://appomni.com/ao-labs/how-to-simulate-session-hijacking-in-your-saas-applications/ Source: CSA Title: Simulate Session Hijacking in Your SaaS Applications Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses session hijacking, focusing on detection challenges and methods to simulate hijacking in a lab environment. It provides insight into the importance of server-side audit logs for detecting compromised sessions, highlighting the…

  • The Register: Open source LLM tool primed to sniff out Python zero-days

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/20/python_zero_day_tool/ Source: The Register Title: Open source LLM tool primed to sniff out Python zero-days Feedly Summary: The static analyzer uses Claude AI to identify vulns and suggest exploit code Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the…

  • Alerts: CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-and-fbi-release-secure-design-alert-eliminating-cross-site-scripting-vulnerabilities Source: Alerts Title: CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities Feedly Summary: Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting…