stored XSS Archives - Security Affairs

Pierluigi Paganini April 22, 2022

A stored XSS flaw in RainLoop allows stealing users’ emails

Experts disclose an unpatched vulnerability in the RainLoop webmail client, tracked as CVE-2022-29360, that can be exploited to steal users’ emails. RainLoop is an open-source web-based email client used by thousands of organizations, which is affected by a vulnerability, tracked as CVE-2022-29360, that can be exploited to steal users’ emails. The vulnerability is a stored […]

Pierluigi Paganini February 21, 2021

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com

A white hat hacker has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. The bug bounty hunter Vishal Bharad has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. Bharad was searching for cross-site request forgery (CSRF), insecure direct object […]

Pierluigi Paganini May 18, 2020

Stored XSS in WP Product Review Lite plugin allows for automated takeovers

A critical flaw in the WP Product Review Lite plugin installed on over 40,000 WordPress sites could potentially allow their take over. Attackers could exploit a critical vulnerability in the WP Product Review Lite WordPress plugin to inject malicious code and potentially take over vulnerable websites. The WP Product Review Lite plugin allows site owners to quickly create custom review […]

Pierluigi Paganini April 03, 2020

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin. Administrators of WordPress sites using the Contact Form 7 Datepicker plugin are recommended to remove or deactivate it to prevent attackers from exploiting a stored cross-site scripting (XSS) vulnerability to create rogue […]

stored XSS

A stored XSS flaw in RainLoop allows stealing users’ emails

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com

Stored XSS in WP Product Review Lite plugin allows for automated takeovers

100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Qilin ransomware claimed responsibility for the attack on the beer giant Asahi

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape

DraftKings thwarts credential stuffing attack, but urges password reset and MFA

Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

QUICK LINKS

stored XSS

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!