CVE-2023-39308: User Feedback <= 1.0.7 — Unauthenticated Stored XSS
Oct. 15, 2023, 4:21 p.m. | Revan A
InfoSec Write-ups - Medium infosecwriteups.com
Summary
The Submit Feedback feature doesn’t filter the submitted text, so an attacker can submit a malicious script. For example, the script can be used to steal cookies or other information through a Cross-Site Scripting (XSS) attack.
About Plugins
- Plugin Name: User Feedback — Create Interactive Feedback Form, User Surveys, …