CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)

Matt Dunn discovers another ManageEngine vulnerability, this one in the Support Center Plus application.

CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)

Raxis lead penetration tester Matt Dunn continues his prolific discovery of new cross-site scripting CVEs.[…]

Submit Button
Hackers See Opportunity Where You See Only a Button

In this post, Raxis VP Brad Herring explains how web proxy tools can turn even[…]

Cross-Site Scripting: Filter Evasion & Sideloading Payloads
Cross-Site Scripting (XSS): Filter Evasion and Sideloading

Matt Dunn takes us deeper into cross-site scripting in this video that discusses filter evasion[…]

Introduction to Cross-Site Scripting
Introduction to Cross-Site Scripting

Raxis lead penetration tester Matt Dunn explains cross-site scripting and how it can be used[…]

Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156

Nagios is open-source network and system monitoring software. Raxis’ Matt Dunn has discovered a cross-site[…]

Cookie Jar
Keep Your Cookies in the Cookie Jar: HttpOnly and Secure Flags

How can cookies be used against you? And how do you keep that from happening?[…]

PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)

Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor[…]

Unescaped JavaScript Tags
ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)

Raxis’ Lead Penetration Tester Matt Dunn discovers another cross-site scripting vulnerability in Zoho’s MangeEngine Key[…]

Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)
Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)

Raxis lead penetration tester Matt Dunn has uncovered a new cross-site scripting vulnerability in Manage[…]