Skip to content
Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
    • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
    • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
    • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
    • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
    • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
    • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us
Contact Raxis Login
Raxis
Contact RaxisIcon Link to Contact Raxis
  • Home
  • Services
      Core Services
    • Raxis Red Team
    • AI Augmented Penetration Testing
    • Penetration Testing as a Service (PTaaS)
    • Elite Cybersecurity Services
    • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
    • Penetration Testing
    • Penetration Testing Services
    • Web Application Penetration Testing
    • API Security
    • Salesforce Applications
    • Internal Networks, Cloud, and VPC
    • External Networks and Internet
    • Wireless Networks
    • Mobile Applications
    • CyberSecurity Services
    • Compliance: PCI, HIPAA, GLBA, and more
    • Attack Surface Management
    • Breach and Attack Simulation
    • Cybersecurity Code Review
    • Cybersecurity Red Team
    • Phishing and Spear Phishing
    • Social Engineering
  • Industries
      Critical Infrastructure
    • Energy
    • Communications
    • Transportation
    • Water
    • Compliance Driven
    • Credit Card Industry (PCI)
    • Education
    • Finance and Banking
    • GLBA Safeguards Rule
    • Government Agencies
    • Healthcare (HIPAA)
    • Manufacturing
    • SOC 2
    • Technology
    • Technology and Software Development
    • Blockchain and Cryptocurrency
    • Media and Entertainment
    • Social Media
  • Resources
      Company Information
    • About Raxis
    • Careers
    • Meet Our Team
    • Signup for Raxis News
    • Resources
    • The Exploit Blog
    • Become a Raxis Partner
    • Certifications
    • Raxis One
    • Transporter Remote Pentesting
    • About Ethical Hacking
    • An Inside Look at a Raxis Red Team
    • Red, Blue, and Purple Teams
    • Penetration Test Glossary
    • What is a Penetration Test?
    • What is Web Application Penetration Testing?
  • The Exploit Blog
  • About Us

The Exploit

Raxis Cybersecurity Insights From The Frontlines

  • Introduction to Cross-Site Scripting
    How To | Security Recommendations

    Introduction to Cross-Site Scripting

    ByRaxis Research Team October 29, 2021

    This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.

    Read More Introduction to Cross-Site ScriptingContinue

  • Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156
    Patching | Security Recommendations

    Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156

    ByRaxis Research Team September 17, 2021

    Nagios is open-source network and system monitoring software. Raxis’ Matt Dunn has discovered a cross-site scripting vulnerability that could leave users open to attack.

    Read More Nagios XI Stored Cross-Site Scripting (XSS): CVE-2021-38156Continue

  • PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)
    Patching | Security Recommendations

    PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)

    ByRaxis Research Team August 20, 2021July 28, 2025

    Raxis lead penetration tester Matt Dunn uncovers a new vulnerability in the PRTG Network Monitor (CVE-2021-29643). Read more here.

    Read More PRTG Network Monitor Stored Cross-Site Scripting Vulnerability (CVE-2021-29643)Continue

  • JavaScript Execution to Display User's Cookie in an Alert Box
    Security Recommendations

    ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)

    ByRaxis Research Team June 25, 2021July 28, 2025

    Raxis’ Matt Dunn has discovered another ManangeEngine cross-site scripting (XSS) vulnerability, this time in the Applications Manager product (CVE-2021-31813).

    Read More ManageEngine Applications Manager Stored Cross-Site Scripting Vulnerability (CVE-2021-31813)Continue

  • Unescaped JavaScript Tags
    Exploits

    ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)

    ByRaxis Research Team June 11, 2021July 28, 2025

    Raxis’ Lead Penetration Tester Matt Dunn discovers another cross-site scripting vulnerability in Zoho’s MangeEngine Key Manager Plus (CVE-2021-28382).

    Read More ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability (CVE-2021-28382)Continue

  • Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)
    Exploits

    Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)

    ByRaxis Research Team May 20, 2021July 26, 2025

    Raxis lead penetration tester Matt Dunn has uncovered a new cross-site scripting vulnerability in Manage Engine AD Self Service Plus (CVE-2021-27956). Find out more here.

    Read More Cross-Site Scripting Vulnerability in ManageEngine AD Self Service Plus (CVE-2021-27956)Continue

  • Emblem of the Foreign Intelligence Service of the Russian Federation
    In The News | Patching | Security Recommendations

    NSA, FBI, CISA Statement on Russian SVR Activity

    ByRaxis Research Team April 21, 2021July 31, 2025

    The US government is warning businesses to beware of vulnerabilities being exploited by the Russian Foreign Intelligence Service (SVR RF). But that’s not the only group taking advantage. Here’s what you should do.

    Read More NSA, FBI, CISA Statement on Russian SVR ActivityContinue

  • How to Pull Off a Mousejacking Attack
    Exploits | How To | Security Recommendations

    How to Pull Off a Mousejacking Attack

    ByRaxis Research Team February 5, 2021July 28, 2025

    Raxis’ penetration testing team demonstrates how to conduct a mousejacking attack to gain access as part of a penetration test.

    Read More How to Pull Off a Mousejacking AttackContinue

  • Penguin with red cross
    Patching | Security Recommendations

    Sudo Privilege Escalation Vulnerability Discovered

    ByRaxis Research Team January 27, 2021

    Qualys has discovered and reported a serious vulnerability (CVE-2021-3156) affecting the sudo utility. Patches are now available and Raxis recommends applying them immediately.

    Read More Sudo Privilege Escalation Vulnerability DiscoveredContinue

  • Cisco with bandaids
    Patching | Security Recommendations

    Cisco Patches Critical Security Vulnerabilities

    ByRaxis Research Team January 22, 2021August 22, 2025

    Cisco releases patches for some critical and high-severity vulnerabilities. Learn about the vulnerabilities and patches from the Raxis penetration testing team.

    Read More Cisco Patches Critical Security VulnerabilitiesContinue

  • Understanding Vulnerability Management
    Security Recommendations

    Understanding Vulnerability Management

    ByBrian Tant January 14, 2021June 6, 2025

    One of our most common findings in Raxis penetration tests is the lack of an effective vulnerability management system. Here’s why that’s important.

    Read More Understanding Vulnerability ManagementContinue

  • Brian Tant, Raxis VP of Engineering
    Security Recommendations

    Why Network Segmentation is a Best Security Practice

    ByBrian Tant October 2, 2020June 6, 2025

    Network segmentation can be an important line of defense against hackers. Raxis’ CTO Brian Tant explains why in this continuation of our Top 10 Vulnerabilities series.

    Read More Why Network Segmentation is a Best Security PracticeContinue

Page navigation

Previous PagePrevious 1 2 3 Next PageNext

2870 Peachtree Road
Suite #915-8924
Atlanta, GA 30305 USA

Contact us online

About Raxis

  • About Raxis
  • Careers
  • Terms and Conditions
  • Privacy Policy
  • Partners, Apply Here

Resources

  • The Exploit
  • Transporter Remote Penetration Testing
  • Penetration Test Glossary
  • What is a Penetration Test?
Facebook X Instagram Linkedin YouTube