Skip to main content
← All Articles

Tag

#XSS

14 articles

Advertisement

VU
HIGH
Vulnerabilities

WordPress Sites Targeted via Kirki and Burst Statistics Vulnerabilities

Attackers are exploiting unauthenticated stored XSS in Kirki and Burst Statistics plugins to achieve privilege escalation and website takeover.

Runtime Rebel Intel
3 min read·Jun 3, 2026
VU
HIGH
Vulnerabilities

CVE-2021-22291: ABB EIBPORT V3 <3.9.2 Session Hijacking Vulnerability

ABB EIBPORT V3 devices are vulnerable to CVE-2021-22291 (XSS/session hijacking), allowing unauthenticated access and configuration changes. Patch immediately.

Runtime Rebel Intel
4 min read·May 28, 2026
VU
CRITICAL
Vulnerabilities

CVE-2024-50498: CISA Orders Patch for Exploited cPanel Plugin Flaw

CISA mandates federal agencies patch CVE-2024-50498, an actively exploited LiteSpeed cPanel plugin vulnerability, to prevent unauthorized account access.

Runtime Rebel Intel
4 min read·May 27, 2026
VU
MEDIUM
Vulnerabilities

CVE-2026-4293: Kieback & Peter DDC XSS — Mitigate Building Controller Risks

CISA warns of CVE-2026-4293, a Cross-site Scripting vulnerability in Kieback & Peter DDC Building Controllers. Attackers could control victim browsers, affecting

Runtime Rebel Intel
4 min read·May 19, 2026
CVE-2026-42897: Microsoft Exchange OWA XSS Zero-Day Under Attack
CRITICAL
Vulnerabilities

CVE-2026-42897: Microsoft Exchange OWA XSS Zero-Day Under Attack

Active Zero-Day XSS vulnerability, CVE-2026-42897, impacts Microsoft Exchange OWA, allowing mailbox compromise. No patch available.

Runtime Rebel Intel
5 min read·May 19, 2026
VU
CRITICAL
Vulnerabilities

CVE-2026-42897: Microsoft Exchange XSS Under Active Exploitation

CISA adds CVE-2026-42897, a Microsoft Exchange Server Cross-Site Scripting vulnerability, to KEV Catalog due to active exploitation. Immediate patching advised.

Runtime Rebel Intel
4 min read·May 15, 2026
CVE-2026-42897: How Attackers Exploit Microsoft Exchange Server
CRITICAL
Vulnerabilities

CVE-2026-42897: How Attackers Exploit Microsoft Exchange Server

Microsoft warns of active exploitation of CVE-2026-42897, a critical spoofing and XSS vulnerability in on-premise Exchange Server triggered via email.

Runtime Rebel Intel
3 min read·May 15, 2026
CVE-2023-29489: How Attackers Exploit cPanel XSS for Auth Bypass
CRITICAL
Vulnerabilities

CVE-2023-29489: How Attackers Exploit cPanel XSS for Auth Bypass

A critical authentication bypass in cPanel via CVE-2023-29489 is under active exploitation. Discover technical details and essential mitigation steps.

Runtime Rebel Intel
4 min read·May 4, 2026
VU
HIGH
Vulnerabilities

Zimbra XSS Attacks: Over 10,000 Servers Vulnerable — Patch Now

Ongoing cross-site scripting (XSS) attacks exploit a flaw in Zimbra Collaboration Suite (ZCS), leaving over 10,000 online servers vulnerable.

Runtime Rebel Intel
4 min read·Apr 24, 2026
VU
MEDIUM
Vulnerabilities

CVE-2025-13902: Patching Schneider Electric Modicon Controllers

Schneider Electric Modicon M241 and M251 controllers face XSS risks via CVE-2025-13902. Learn how to patch firmware and secure industrial control networks.

Runtime Rebel Intel
3 min read·Mar 19, 2026
VU
HIGH
Vulnerabilities

CVE-2025-66376: ZCS Cross-Site Scripting Actively Exploited

CISA adds CVE-2025-66376, a Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting vulnerability, to its KEV Catalog due to active exploitation. Immediate

Runtime Rebel Intel
4 min read·Mar 18, 2026
VU
HIGH
Vulnerabilities

CVE-2024-4510: Zimbra Collaboration Suite XSS Exploitation Guide

CISA adds CVE-2024-4510 to the KEV catalog following active exploitation of a Zimbra Collaboration Suite XSS vulnerability. Patch ZCS version 9.0.0 today.

Runtime Rebel Intel
3 min read·Mar 18, 2026