A significant vulnerability, CVE-2024-37629, has been discovered in SummerNote 0.8.18, allowing Cross-Site Scripting (XSS) via the Code View function. Summernote is a JavaScript library for creating WYSIWYG editors online. An attacker can use XSS to insert harmful scripts into a trusted application or website. An XSS attack often starts with an attacker luring a user to click on a malicious link. According to security researcher Sergio Medeiros, 10,000 web apps have a 0-day vulnerability that can be exploited with a simple XSS payload.

Detecting XSS Vulnerability in the Editor

Given similar XSS concerns in editors like CKEditor and TinyMCE, the security researcher decided to investigate the WYSIWYG Editor. This led to the SummerNote website, where users can see the WYSIWYG editor's features on the homepage, along with a GitHub repository URL to examine the codebase. ~First Hackers News

To continue reading this article, click on this link >>> https://lnkd.in/gsRA6ivt

#vulnerability #summernote #xss #codeview #javascript #attacker #maliciouslink #securityresearcher #website #zeroday #cyberattack #cybersecurity #cybernews #fhn #firsthackersnews #informationsecurity #latestnews
FirstHackers News’ Post
More Relevant Posts
-
0-Day Vulnerability in 10,000 Web Apps Exploited with XSS Payloads -
https://firsthackersnews.com
-
Hey guys! I recently ran into a challenge with JavaScript prototype chain vulnerabilities, which encouraged me to look into Map as a safer option. I summarized my thoughts. Examine practical examples, such as reducing object injection attacks, to discover how Maps provide an excellent defense. I hope you find it helpful when you check it out! 📝💡 Link here: https://lnkd.in/eK_5xDqc
Understanding the Differences Between Map and Object in JavaScript
medium.com
-
A significant vulnerability, tracked as CVE-2024-37629, has been discovered in #SummerNote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code View Function. Summernote is a JavaScript library that helps you create WYSIWYG editors online. An attacker can insert harmful executable scripts into the code of a trustworthy application or website through a technique known as cross-site scripting (XSS). #cybersecurity #xss #javascript #library
0-day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads
https://gbhackers.com
-
#javascript #webpack #security #securityholes #crosssitescripting #xss #crosssiterequestforgery #csrf #crossoriginresourcesharing #cors #innerHTML #textContent #sanitizehtml

I improved my previous "JavaScript Share My Place" app so that I can protect it from security holes and concepts. I specifically handled the two most important JavaScript attack patterns or vulnerabilities, which are:

=> Security details exposed accidentally in the code
=> Cross-Site Scripting (XSS) attacks

To protect my application from these security holes, I made sure that no sensitive data was present in my code, and I used the Sanitize HTML package. You can check my whole code on my GitHub via the link below: https://lnkd.in/edZWvTy7

By the way, I named this little JavaScript demo "JavaScript Security Share My Place". If you are curious about what it looks like, please have a look at it by clicking the following link: https://lnkd.in/eu-Zymv4 However, you would have to insert your own Google Maps API key to make it work properly.

Anyway, you can leave me a comment for more detail about this application and how it works. And if you are a developer, you can give me some advice about my project or just put a star ⭐ on my repository if you like it.
GitHub - sofiane-abou-abderrahim/javascript-security-share-my-place: I improved my previous "JavaScript Share My Place" app so that I can protect it from security holes and concepts. I specifically handled the two most important JavaScript attack patterns or vulnerabilities, which are Security Details in my code exposed accidentally and Cross Site Scripting (XSS) attacks, with Sanitize HTML packag
github.com
-
Hello Connections!! Completed my Day 2 of the DOM XSS Challenge in Lab! 🛡️ Explored web messages and JavaScript URLs to enhance my skills in securing web applications. 🌐 Ready for more challenges and learning! 💡 #Cybersecurity #WebSecurity #XSSChallenge #LearningJourney
Lab: DOM XSS using web messages and a JavaScript URL | Web Security Academy
portswigger.net
-
IT Director with over 17 years' experience managing teams and technical services across diverse IT sectors and geographies, with an MBA in Technology Management, a BSc in IT, CISSP and many other certifications.
Hackers are hiding Trojans in fake jQuery packages. Hackers are targeting unsuspecting developers by distributing malicious libraries that masquerade as the popular JavaScript library, jQuery. These booby-trapped packages are then uploaded to common code repositories like npm and GitHub. This sophisticated attack strategy highlights the importance of careful vetting when integrating third-party libraries into your projects. Don't let malicious code compromise your applications or expose your users' data.

Here are some tips for safe development:
1. Stick to reputable sources for your libraries.
2. Thoroughly review code before integration.
3. Stay updated on security vulnerabilities.

#jQuery #SecurityVulnerability #DeveloperBeware
Careful, that jQuery package could be loaded with Trojans
techradar.com
-
TL;DR: The Google developer documentation includes CSP examples which use domain wildcards (which have been widely cut & pasted), and additionally there are numerous endpoints within the Google eTLDs which are vulnerable to JavaScript XSS. These can be combined into an effective attack against any domain with an HTML injection vector that would be otherwise unexploitable. #redteam #blueteam #google #googlecybersecurity
Exploiting CSP Wildcards for Google Domains
attackshipsonfi.re
-
KEY ASPECTS OF SSL SECURITY SERIES

9. VULNERABILITIES: While SSL/TLS is extremely secure when properly set, it has been plagued by flaws in the past, including POODLE, Heartbleed, and BEAST. It is critical to stay current and fix known vulnerabilities.

#webdevelopment #html #css #javascript #fullstackwebdevelopment #ITsupport #topnotchITservice #ITconsultation #businessconsultation #remotebusinesssupport #digitalmarketing #virtualassistance #grahicdesign #LocalSEO
-
🔒 Cybersecurity Enthusiast | 🐧 Linux | ☕ Java |Network Security| 🌐 Cisco CCNA Certified | 🎓 CyberWing Intern | 📘 Technical Educator | 🏆 Smart India Hackathon (NTRO) & 🏅 TN Police Hackathon Finalist | 🔍 VAPT
Milestone Achieved: Tackled Reflected XSS Challenge! Exciting news! Just cracked the lab: Reflected XSS into a JavaScript string with angle brackets HTML encoded. 🌐🛡️ Successfully maneuvered through encoding challenges, ensuring data integrity while warding off potential vulnerabilities. 💪

What I Learned: Mastering the art of HTML encoding for secure JavaScript strings. Turning potential risks into opportunities for web security enhancement. 🌟

Key Takeaway: In the dynamic world of cybersecurity, each challenge conquered is a step towards a safer digital space. Let's keep pushing boundaries and fortifying our coding arsenals!

#CyberSecurityWin #websecurity #XSSChallenge #InfoSecTriumph #JavaScriptSecurity #continuouslearning
Lab: Reflected XSS into a JavaScript string with angle brackets HTML encoded | Web Security Academy
portswigger.net