CVE-2022-45225 - Exploiting XSS in Book Store Management System v1. — A Deep Dive
Cross-Site Scripting (XSS) is a classic web vulnerability that refuses to become irrelevant. In this post, we’ll analyze CVE-2022-45225, a nasty XSS bug in
CVE-2022-39338 - How a Nextcloud user_oidc Discovery URL Bug Enabled XSS in Safari
Nextcloud is one of the most popular open-source self-hosted cloud services out there. Like many modern platforms, Nextcloud supports logging in with multiple identity providers
CVE-2022-39339 - How Plaintext OIDC Credential Leaks Put Nextcloud Accounts at Risk
user_oidc is a widely used OpenID Connect (OIDC) user backend for Nextcloud, enabling seamless SSO (Single Sign-On) integration with identity providers. On November 10,
CVE-2022-45152 - Blind SSRF in Moodle’s LTI Provider – Exploit Details, Impact, and Mitigation
A significant security vulnerability (CVE-2022-45152) was discovered in Moodle, the widely used open-source learning management system. This bug is a Blind Server-Side Request Forgery (SSRF)
CVE-2022-41705 - Remote Code Execution in Badaso v2.6.3 Explained (How Attackers Exploit File Uploads)
If you use Badaso—the Laravel-based admin panel—especially version 2.6.3 or earlier, you need to know about CVE-2022-41705. This critical vulnerability lets