Holm Security discovered a vulnerability in EPiServer’s SiteSeeker product. The vulnerability means that JavaScript in affected web pages can be modified to include malware from another seemingly trustworthy domain. EPiServer has been informed of the vulnerability and they have developed a hotfix for this vulnerability in EPiServer CMS version 11.0.1. EPiServer refers customers to “EPiServer internal ticket ID: ESEE-61”.
Some examples of affected web pages are:
- The National Board of Housing, Building and Planning
- MSB
- Region Östergötland
- Lerum municipality
- Energy Agency
- The Swedish Transport Administration
- TRR Trygghetsrådet
- The Public Health Agency of Sweden
- Västervik municipality
- Gävle fastigheter (real estate)
- Kalmar county council
- Red Cross
- ESF Council
- Konstfack
- Värmland county council
- The Financial Supervisory Authority of Sweden
Belgium
Denmark
Finland
Germany
Malaysia
Netherlands
Norway
Poland
Sweden
UK
April 12, 2024 — Hacker attacks & exploits
Zero-Day Vulnerability in Palo Alto Networks PAN-OS Exploited in the Wild
Read more
February 27, 2024 — Hacker attacks & exploits
Critical Vulnerabilities Discovered in ConnectWise ScreenConnect
Read more
January 24, 2024 — Hacker attacks & exploits
Critical Security Flaw in GoAnywhere MFT: Users Exposed to Unauthorized Admin Access
Read more