Researchers Uncover Ways to Break the Encryption of ‘MEGA’ Cloud Storage Service

Reflected XSS on /api/module

# Description Reflected XSS via filter bypass on /api/module using type= parameter. # Proof of Concept ``` https://demo.microweber.org/demo/api/module?type=&live_edit=true&from_url=test ``` T ...

Watch out for the email that says “You have a new voicemail!”

A phishing campaign is using voicemail notification messages to go after victims' Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachm ...

Insecure entropy in Argo CD’s PKCE/Oauth2/OIDC params

### Impact All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of ins ...

Improper Handling of `callbackUrl` parameter in next-auth

### Impact An attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally we convert to a `URL` object. The URL instantiation would fail due ...

Argo CD’s external URLs for Deployments can include JavaScript

### Impact All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by ...
