Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27852 PUBLISHED: 2021-01-20
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
CVE-2021-3137 PUBLISHED: 2021-01-20
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
CVE-2020-27850 PUBLISHED: 2021-01-20
A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
CVE-2020-27851 PUBLISHED: 2021-01-20
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privile...
CVE-2020-13134 PUBLISHED: 2021-01-20
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1...
User Rank: Moderator
8/9/2014 | 11:29:06 AM
Many IoT devices are not built with security in mind. I would be extremely concerned if my car was hacked while driving or a medical device was manipulated. This can be worse than identity theft.
I think that we need to take a proactive approach to this large-scale problem and apply granular data-centric security.
Modern granular data protection, like data tokenization, is very cost-effective and should not only be used for compliance with regulations like PCI DSS. Recent studies reported that data tokenization can cut security incidents by 50% for PCI and PII data.
Ulf Mattsson, CTO Protegrity