NEWS

There are no events to display

SERVICES

The service aims at offering a representation of the  Cybersecurity domain through the creation of a controlled...

The service analyzes a DNS request log and detects if there are domain names which can be generated by a Domain...

This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-...

This service analyses sets of email file in .eml format to identify the unsolicited ones (SPAM). Moreover, the service...

LATEST CVE

Published Description
CVE-2020-13643
28-05-2020 04:15:00
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser.
CVE-2020-13641
28-05-2020 04:15:00
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allowing for that be executed later in the victims browser.
CVE-2020-13642
28-05-2020 04:15:00
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser.
CVE-2020-13644
28-05-2020 04:15:00
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion.
CVE-2020-8603
27-05-2020 23:15:00
A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Pages