Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42750PUBLISHED: 2022-08-12A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.
CVE-2021-42751PUBLISHED: 2022-08-12A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.
CVE-2022-35585PUBLISHED: 2022-08-12A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter
CVE-2022-35587PUBLISHED: 2022-08-12A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter
CVE-2022-35589PUBLISHED: 2022-08-12A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.
User Rank: Strategist
9/30/2014 | 11:03:40 AM
1) Simplify as much as possible, as has been mentioned in the comments. This is particularly true in the entrance to any programs. The fewer doors, the fewer ways for the rats to get in. I know it's a broad brush, but complexity for its own sake is unsafe. The likelyhood is that every system is probably unsafe due to designers not thinking of every way their code is going to be attacked. This isn't because they're bad designers, it's because not every way code is going to be attacked has been thought of by anybody yet.
2) The people who aren't patching aren't fatigued. Regular patchers shouldn't be fatigued, it's just part of what they do. People who patch absolutly everything the moment a patch comes out probably are fatigued.