ThreatCluster

VU#317469: Partner Software/Partner Web does not sanitize Report files and Note content, allowing for XSS and RCE

Threat Score: 76
Kb • 10 hours ago

Overview

Partner Software and Partner Web, both products of their namesake company, Partner Software, fail to sanitize report or note files, allowing for XSS attacks. Partner Software is a subdivision of N. Harris Computer Corporation and is a field application development company, with products intended for use by industry, municipalities, state government, and private contractors. An authorized user of Partner Software or Partner Web application can upload "Reports" when viewing a job. The file u...


Related Articles

5 articles
1

July 2025: the biggest cyber attacks, ransomware attacks and data breaches

Ciberseguridadpyme • 3 hours ago

Cybersecurity has become a serious concern as our lives are significantly intertwined with digital technologies. July 2025 has proven to be a turning point due to some of the biggest cyber attacks, ransomware attacks and data breaches witnessed across multiple sectors and regions worldwide. The […] The post July 2025: the biggest cyber attacks, ransomware attacks and data breaches was pub

Score: 91
2

🚨 Active exploitation alert: Critical SharePoint RCE (CVE-2025-53770) Attackers are actively exploiting a dangerous, unauthenticated remote code execution vulnerability—dubbed "ToolShell"—in Microsoft SharePoint. This flaw allows attackers to bypass auth - LinkedIn

News • 5 hours ago


Score: 87
3

Akira Ransomware Exploits 0-Day Vulnerability in SonicWall Firewall Devices

GB Hackers • 3 hours ago

Cybersecurity firm Arctic Wolf has identified a significant increase in ransomware attacks targeting SonicWall firewall devices in late July 2025, with evidence pointing to the exploitation of a previously unknown zero-day vulnerability. The company’s investigation revealed multiple coordinated attacks using SonicWall SSL VPNs as the initial access point, raising serious concerns about the security of these widely deployed netw

Score: 85
4

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

The Hacker News • 5 hours ago

SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. "In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs," Arctic Wolf Labs researcher Julian Tuin said in a report. The cybersecurity company suggested that the attacks could be exploiting an as-yet-undetermined security flaw in the appliances, meanin

Score: 83
5

New Undetectable Plague Malware Targeting Linux Servers for Persistent SSH Access

GB Hackers • 3 hours ago

Security researchers have discovered a sophisticated Linux backdoor dubbed “Plague” that has remained undetected by all major antivirus engines despite multiple samples being uploaded to VirusTotal over the past year. The malicious software operates as a Pluggable Authentication Module (PAM), allowing attackers to silently bypass system authentication and maintain persistent SSH access to compromised Linux systems.

Score: 81


Article Intelligence

Key entities and indicators for this article

CVES
CVE-2025-6076
CVE-2025-6077
CVE-2025-6078
ATTACK TYPES
Cross-Site Scripting
VULNERABILITIES
Cross-Site Scripting
RCE
XSS
AGENCIES
Cybersecurity and Infrastructure Security Agency
ARTICLE INFORMATION
Article #6932
Published 10 hours ago
Kb
