Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42750PUBLISHED: 2022-08-12A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.
CVE-2021-42751PUBLISHED: 2022-08-12A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.
CVE-2022-35585PUBLISHED: 2022-08-12A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter
CVE-2022-35587PUBLISHED: 2022-08-12A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter
CVE-2022-35589PUBLISHED: 2022-08-12A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.
User Rank: Ninja
9/29/2014 | 8:13:49 AM
you can't steal what isn't there -- and thus Apple's aporoach is and even better step
the underlying problem remains though
we keep attacking encryption and passwords when the actual problem is AUTHENTICATION particularly of softwtwware updates.
by this time we all know: if your phone is hacked -- the hacker will likely have access to your payments mechanism -- if you have one on a "smart" phone
sometimes i wonder just how "smart" these gadgets are...