Monthly Archive: March 2019

Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door. Date published :...

In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive...

Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum. Date published : 2019-03-01 https://scriptinjection.blogspot.com/2019/02/vanilla-forums-25-stored-xss-in-any.html

Stored XSS in Invision Power Board versions 3.3.1 – 3.4.8 leads to Remote Code Execution. Date published : 2019-03-01 http://www.securityfocus.com/bid/107258 https://scriptinjection.blogspot.com/2019/02/invision-power-board-331-348-stored-xss.html