Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42750PUBLISHED: 2022-08-12A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.
CVE-2021-42751PUBLISHED: 2022-08-12A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.
CVE-2022-35585PUBLISHED: 2022-08-12A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter
CVE-2022-35587PUBLISHED: 2022-08-12A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter
CVE-2022-35589PUBLISHED: 2022-08-12A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.
User Rank: Ninja
7/12/2012 | 5:42:54 PM
People
have to be aware of the digital identity that they already have on the web Furthermore
they need to be aware that your digital identity contains all your basic
information; comments, political views, personal views, employer, and family life.
Take for example your Facebook profile it contains name, location, birthday,
and places of study or employment. Kellerman makes a great point; this particular
group is using them to gain financial information, but what about this sort of
attack being used for something other than gaining financial information?-á LetGÇÖs hope that GÇÿblast phishingGÇÖ or GÇÿdynamite
phishing does not become an all too familiar term!
Is there any preventive measures
that user can take to help safeguard themselves against these sort of attacks
in the future?
Paul
Sprague
InformationWeek
Contributor