Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27852 PUBLISHED: 2021-01-20
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
CVE-2021-3137 PUBLISHED: 2021-01-20
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
CVE-2020-27850 PUBLISHED: 2021-01-20
A stored Cross-Site Scripting (XSS) vulnerability in the forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
CVE-2020-27851 PUBLISHED: 2021-01-20
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allow remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privile...
CVE-2020-13134 PUBLISHED: 2021-01-20
Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 is vulnerable to stored XSS. Successful exploitation requires admin privileges (for storing the XSS payload itself), and the payload is triggered by admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1...
User Rank: Ninja
6/9/2017 | 1:14:57 PM
A project requirement I see missing from many a project plan is exactly the things you are referring to, including milestones for data integrity checks before, during and after projects, whether they are one-off requests for an overnight tweak or a year-long project. Luckily for my team, we work hand-in-hand with teams like Security and Compliance. We treat all requests the same; we care for the data in the same manner regardless of the project. But the requirements should still be documented, as many projects may overlook such "minutia".
Time to Market should not compromise integrity, and all considerations related to Security and Compliance should be built into the day-to-day operations of every team member who has charge over sensitive data. And the requirements for such data management should be written into project plans, no matter how small or large, and the operational mind-set of every user with access well trained to avoid breaches of this type.