CyberSecurity news
FlagThis - #xss
|
@Talkback Resources - 4d
Millions of WordPress websites face potential script injection attacks due to a critical vulnerability found in the Essential Addons for Elementor plugin, which is installed on over 2 million sites. The flaw, identified as CVE-2025-24752 with a high severity score of 7.1, allows attackers to execute reflected cross-site scripting (XSS) attacks. This is achieved by exploiting insufficient input sanitization within the plugin's password reset functionality, specifically through malicious URL parameters.
A fake WordPress plugin has also been discovered injecting casino spam, impacting website SEO. In a separate incident, cybersecurity researchers have flagged a malicious Python library on the PyPI repository, named 'automslc', which facilitates over 100,000 unauthorized music downloads from Deezer. The package bypasses Deezer's API restrictions by embedding hardcoded credentials and communicating with an external command-and-control server, effectively turning user systems into a botnet for music piracy.
Share:
References :
Classification:
Ameer Owda@socradar.io - 90d
Cisco has confirmed the active exploitation of a decade-old vulnerability, CVE-2014-2120, affecting the WebVPN login page of its Adaptive Security Appliance (ASA) software. This cross-site scripting (XSS) vulnerability, originally disclosed in 2014, allows unauthenticated, remote attackers to launch XSS attacks against WebVPN users by enticing them to click a malicious link. The vulnerability stems from insufficient input validation, enabling attackers to inject malicious scripts into the victim's browser. Cisco's Product Security Incident Response Team (PSIRT) became aware of renewed exploitation attempts in November 2024, prompting an updated advisory urging customers to upgrade to a fixed software release immediately.
While Cisco strongly recommends upgrading to patched software versions, it's important to note that free updates will not be provided for vulnerabilities disclosed through Security Notices. Customers are advised to contact their usual support channels to obtain the necessary upgrades. The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2014-2120 to its Known Exploited Vulnerabilities (KEV) catalog in November 2024, further highlighting the critical need for swift remediation. Organizations utilizing third-party support should consult their service providers to ensure compatibility with any applied fixes.
Share:
References :
Classification:
Ameer Owda@socradar.io - 89d
A decade-old vulnerability in Cisco's Adaptive Security Appliance (ASA) software, CVE-2014-2120, is being actively exploited, prompting a renewed warning from Cisco. Initially deemed medium severity with a CVSS score of 4.3, the vulnerability allows Cross-site Scripting (XSS) attacks. Attackers can trick users into accessing malicious links, injecting scripts to gain unauthorized access. The Androxgh0st botnet is leveraging this flaw, alongside others, for broader malicious campaigns, including malware distribution. Cisco's Product Security Incident Response Team (PSIRT) observed active attacks as early as November 2024, leading to an updated advisory urging users to upgrade to patched versions.
The vulnerability stems from insufficient input validation in the ASA's WebVPN login page. While originally requiring user interaction to exploit, recent reports indicate a shift towards more sophisticated attack methods employed by the Androxgh0st botnet. Cisco emphasizes the importance of updating vulnerable ASA versions despite the vulnerability's age and relatively low initial severity rating. This incident highlights the ongoing threat posed by older, unpatched systems and the need for comprehensive security practices to mitigate risks from evolving cyber threats.
Share:
References :
Classification: |