DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

Impact: In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, the ...

WordPress 6.5.5 Security Release – What You Need to Know

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug ...

CVE-2024-6301 Origin Validation Error in Conduit

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most...

Akamai Doubles Down on API Security

CVE-2024-6303 Missing Authorization in Conduit

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins a ...
