Stored XSS with Filter Bypass – blogenginev3.3.8

Read Time:24 Second

Posted by Andrey Stoykov on Dec 18

# Exploit Title: Stored XSS with Filter Bypass – blogenginev3.3.8
# Date: 12/2024
# Exploit Author: Andrey Stoykov
# Version: 3.3.8
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/12/friday-fun-pentest-series-16-stored-xss.html

Stored XSS Filter Bypass #1:

Steps to Reproduce:

1. Login as admin and go to “Content” > “Posts”
2. On the right side of the page choose “Categories”
3. In…

Read More

[SYSS-2024-085]: Broadcom CA Client Automation – Improper Privilege Management (CWE-269)

Read Time:18 Second

Posted by Matthias Deeg via Fulldisclosure on Dec 18

Advisory ID: SYSS-2024-085
Product: CA Client Automation (CA DSM)
Manufacturer: Broadcom
Affected Version(s): 14.5.0.15
Tested Version(s): 14.5.0.15
Vulnerability Type: Improper Privilege Management (CWE-269)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2024-10-18
Solution Date: 2024-12-17
Public Disclosure:…

Read More