CVE-2024-45717 - How an Authenticated XSS Vulnerability Hit SolarWinds Platform’s Search & Node Info
In June 2024, a new security flaw was found in the SolarWinds Platform—CVE-2024-45717. This vulnerability is a type of Cross-Site Scripting (XSS) bug that
CVE-2024-49038 - How a Simple XSS Bug in Copilot Studio Lets Attackers Gain Privileges Over the Network
In May 2024, a significant security vulnerability was disclosed for Copilot Studio, a popular platform for integrating AI assistants into business workflows. Tracked as CVE-2024-49038,
CVE-2024-53620 - Exploiting XSS in SPIP v4.3.3 Article Module — How Attackers Can Inject Code via the Title Parameter
In early June 2024, a new vulnerability, CVE-2024-53620, was discovered in the widely used open-source CMS, SPIP. This issue affects version 4.3.3 and involves
CVE-2024-11694 - Firefox Enhanced Tracking Protection Bug Leads to CSP and XSS Bypass via SafeFrame Shim
In early 2024, Mozilla patched a high-risk security flaw impacting Firefox, Firefox ESR, and Thunderbird. Labeled as CVE-2024-11694, this flaw compromises the integrity of Enhanced
CVE-2023-2142 - Nunjucks Autoescape Bypass - XSS Injection Explained
Summary:
In the Nunjucks template engine (before version 3.2.4), there’s a serious vulnerability allowing attackers to bypass autoescape and inject JavaScript code (XSS)