Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Zimbra addressed a zero-day vulnerability exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers. Two weeks ago Zimbra urged customers to manually install updates to fix a zero-day vulnerability, now tracked as CVE-2023-38750, that is actively exploited in attacks against Zimbra Collaboration Suite (ZCS) email servers. Zimbra Collaboration Suite is a comprehensive open-source messaging and […]

The post Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS appeared first on Security Affairs.

July 28, 2023
Read More >>

Delving Further: Analyzing Another XSS Vulnerability Found in the Bookly Plugin

Our previous blog explored an XSS vulnerability within the Bookly plugin (WordPress Online Booking and Scheduling Plugin – Bookly). Today, we will delve into another XSS vulnerability that came to light during our research on the same plugin. Our team discovered this vulnerability in March 2023. Following its discovery, we promptly initiated responsible disclosure procedures […]

The post Delving Further: Analyzing Another XSS Vulnerability Found in the Bookly Plugin appeared first on Blogs on Information Technology, Network & Cybersecurity | Seqrite.

June 19, 2023
Read More >>

WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks

A reflected cross-site scripting vulnerability is the Advanced Custom Fields plugin for WordPress exposed over 2 million sites to hacking. Assetnote researchers discovered a reflected cross-site scripting vulnerability, tracked as CVE-2023-29489 (CVSS score: 6.1), in the Advanced Custom Fields plugin for WordPress. The ACF field builder allows users to quickly and easily add fields to […]

The post WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks appeared first on Security Affairs.

May 6, 2023
Read More >>

Cisco discloses a bug in the Prime Collaboration Deployment solution

Cisco is working on a patch for a bug in the Prime Collaboration Deployment solution that was reported by a member of NATO’s Cyber Security Centre (NCSC). Cisco informed its customers that it’s working on a patch for cross-site scripting (XSS) issue, tracked as CVE-2023-20060 (CVSS score 6.1), affecting its Prime Collaboration Deployment product. The vulnerability […]

The post Cisco discloses a bug in the Prime Collaboration Deployment solution appeared first on Security Affairs.

April 28, 2023
Read More >>

XSS Automation – Tool to Identify and Exploit cross-site scripting (XSS) Vulnerabilities

The XSS-Scanner is a tool designed to detect cross-site scripting (XSS) vulnerabilities, widely recognized as among the most common and severe web application security weaknesses. These vulnerabilities are so significant that they are given their chapter in the OWASP Top 10 project and are actively sought after by many bug bounty programs. What is XSS(Cross-Site […]

April 11, 2023
Read More >>