Linksys EA7500 version 2.0.8.194281 suffers from a cross site scripting vulnerability due to an old jQuery version.
>> AUTHOR: deepcore
Backdoor.Win32.DarkKomet.gozu malware suffers from an insecure permissions vulnerability.
Genexis Platinum-4410 version P4410-V2-1.31A suffers from a persistent cross site scripting vulnerability.
This Metasploit module exploits an unauthenticated arbitrary file upload in FortiLogger via an insecure POST request. It has been tested on versions prior to 5.2.0 in Windows 10 Enterprise.
GetSimple CMS Custom JS Plugin 0.1 – CSRF to Persistent XSS
Regis Inventory And Monitoring System 1.0 – ‘Item List’ Stored XSS
Moodle 3.10.3 – ‘label’ Persistent Cross Site Scripting
https://chaneang.go.th notified by IDOLSEC Team
Ext2Fsd version 0.68 suffers from an unquoted service path vulnerability.
Virus.Win32.Sality.gen malware suffers from an insecure permissions vulnerability.