What is WAF and How does it work?
A web application firewall (WAF) secures a web application such as websites from several application attacks such as cross-site scripting
Prophaze Webinar 2021
LIVE WEBINAR meet 2021 27th October, 2021 Let’s WAF with Prophaze Explore the other 4 by registering for your spot
CVE-2021-33328
Cross-site scripting (XSS) vulnerability in the Asset module’s edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP
Bot Protection
Bot Protection Understanding Risks and Strategies for Mitigation Prophaze offers a sophisticated bot protection solution. Also, it can prevent scanners
CVE-2020-18671
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. (CVSS:0.0) (Last Update:2021-06-24)
CVE-2021-32713
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability.
CVE-2020-18668
Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via the description parameter to script/listcalls. (CVSS:0.0) (Last Update:2021-06-24)
Securing Container Contents
The core to any container security effort is testing the code and supplementary components which will execute within containers, and
CVE-2020-21517
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. (CVSS:0.0) (Last Update:2021-06-21)
CVE-2021-28833
Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796. (CVSS:0.0) (Last Update:2021-06-21)
CVE-2019-25047
Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.
CVE-2021-34815
CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. (CVSS:0.0) (Last Update:2021-06-18)
CVE-2021-1541
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to
CVE-2020-35761
bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. (CVSS:0.0) (Last Update:2021-06-16)
CVE-2021-21668
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable
CVE-2021-21667
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored
CVE-2021-21441
There is a XSS vulnerability in the ticket overview screens. It’s possible to collect various information by having an e-mail
CVE-2021-1571
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to
Cisco Finesse and Cisco Virtualized Voice Browser OpenSocial Gadget Editor Vulnerabilities
The vulnerabilities are dependent on one another; exploitation of one of the vulnerabilities is required to exploit the other vulnerability.
Details about the vulnerabilities are as follows:
Cisco Finesse and Cisco Virtualized Voice Browser OpenSocial Gadget Editor Unauthenticated Access Vulnerability
A vulnerability in the web management interface of Cisco Finesse and Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to access the OpenSocial Gadget Editor without providing valid user credentials.
The vulnerability is due to missing authentication for a specific section of the web-based management interface. An attacker could exploit this vulnerability by accessing a crafted URL. A successful exploit could allow the attacker to obtain access to a section of the interface, which they could use to obtain potentially confidential information and create arbitrary XML files.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE ID: CVE-2021-1246Bug ID(s): CSCvs52916, CSCvw27957Security Impact Rating (SIR): MediumCVSS Base Score: 6.5CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Cisco Finesse OpenSocial Gadget Editor Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE ID: CVE-2021-1245Bug ID(s): CSCvs52916Security Impact Rating (SIR): MediumCVSS Base Score: 6.1CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2021-21666
Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint,
CVE-2021-20293
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it
CVE-2021-33665
SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions – KRNL64NUC – 7.49, KRNL64UC – 7.49,7.53,
Containers and the OWASP Top 10
The Open Web Application Security Project (OWASP) periodically publishes a list of the top 10 web application security risks. The
WAF role security
Prophaze WAF Role Security Reliable, Automated Blocking Prophaze WAF 3.0 is a Distributed proactive web security platform designed to defend