Paloaltonetworks Cortex Xsoar XSS now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2022-25630An authenticated user can embed malicious content with XSS into the admin group policy page.
Public exploit or PoC available
Exploit activity linked
Symantec Messaging Gateway cross-site scripting now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.
Active exploit activity
CVE-2022-43939Hitachi Vantara Pentaho BA Server Authorization Bypass
Public exploit or PoC available
Exploit activity linked
Potential privilege escalation to admin/root
Hitachi Vantara Pentaho Business Analytics (BA) Server privilege escalation now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.