Professional Service Automation contains a vulnerability that allows client-side scripts to access session cookie values (CVSS 6.5).
This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface.
A remote code execution vulnerability in HttpOnly flag (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
CVE-2025-49189 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin) approves the testimonial, the script executes in the context of any user visiting the testimonial page. Because the session cookies are not marked with the `HttpOnly` flag, they can be exfiltrated by the attacker - potentially leading to account takeover. Version 1.1.0.3 fixes the issue.
An issue was discovered in Znuny through 7.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cookie policy is observable via built-in browser tools. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.