cross/site scripting
(http://www.securityfocus.com/archive/1/505251/30/0/threaded). There I made
enough arguments why it's a dangerous vulnerability and why Mozilla and
Michal are not right and so it's better to fix it. Read my message at
Bugtraq, maybe it'll change your mind on this issue ;-).
> The best way to defend against any Cross Site Scripting attacks is to
> sanitize all inputs and outputs properly on your website
XSS vulnerabilities must be fixed and when they are made at web sites, then
they must be fixed at web sites. But in this case browser developers made
XSS holes (JavaScript execution) in redirectors, so they just from
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Multiple Cross Site Scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2009-2733
Two smaller issues in s9y, published here:
http://int21.de/cve/CVE-2008-1386-s9y.html
http://int21.de/cve/CVE-2008-1387-s9y.html
Cross Site Scripting (XSS) in serendipity 1.3 referrer plugin, CVE-2008-1385
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1385
http://www.s9y.org/
Description
Release Type: Co-ordinated, responsible disclosure
2. Vulnerability Information
----------------------------------------------------------------------------------------------
Class: SQL Injection, Insecure File Upload, Cross Site Scripting,
Filepath Disclosure
Remotely Exploitable: Yes
Locally Exploitable: No
application that consists of several well known Kayako
products such as Kayako LiveResponse and Kayako eSupport.
Unfortunately there are several security issues in Kayako
SupportSuite that may allow for an attacker to gain access
to a staff account and then escalate their privileges to
administrator. These issues include Cross Site Scripting,
Script Injection, and SQL Injection. All of these issues
are resolved in Kayako SupportSuite 3.30 and users should
upgrade as soon as possible.
Advisory: IceWarp WebMail Server: User-assisted Cross Site Scripting in
RSS Feed Reader
During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to user-assisted Cross Site Scripting
attacks in its RSS feed reader. If attackers control or compromise an
RSS feed users are subscribed to, they can run arbitrary JavaScript code
in the users' browsers by embedding it within the feed.
Advisory: IceWarp WebMail Server: Cross Site Scripting in Email View
During a penetration test, RedTeam Pentesting discovered that the IceWarp
WebMail Server is prone to Cross Site Scripting attacks in its email view.
This enables attackers to send emails with embedded JavaScript code,
for example, to steal users' session IDs.
Details
=======
functionality.
The ASP.Net view state is typically stored in a hidden field
named "__VIEWSTATE". When a page's view state is not
cryptographically signed, many standard .Net controls are
vulnerable to Cross-Site Scripting (XSS) through the view
state.
It is well documented that using an unsigned view state is
"bad", but most previous advisories focus on vaguely
described threats or vulnerabilities introduced by custom
C) "JSP Dump" reflected XSS
(Affected versions: Any)
It has been found that the demo "JSP Dump" feature is vulnerable to
reflected Cross Site Scripting attacks. This can be replicated by
issuing a GET request to the "/test/jsp/dump.jsp" page:
"/test/jsp/dump.jsp?%3Cscript%3Ealert(%22hello%20world%22)%3C/script%3E"
Any GET key and value that reach the remote is reflected unencoded.
Privileged Access, Cross Site Scripting (XSS)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02247738
Version: 1
url, menu, sort, check[], edituser, edit, blog, cat.
Path Disclosure:
http://[HOST]/pivot/pivot/tb.php?tb_id=1&url='
Cross Site Scripting: (can only be triggered when one is not logged in).
http://[HOST]/pivot/pivot/index.php?menu="><script>alert(0)</script><br
Cross Site Scripting: (triggers on logged in administrators only) [low
or no impact due to session-key in url]
http://[HOST]/pivot/pivot/index.php?session=VALIDSESSION&menu=entries&sort="><script>alert(0)</script>
Product: F5 FirePass
http://www.f5.com/products/firepass/
The F5 FirePass SSL VPN appliance provides rudimentary web request sanitization for resources exposed through the appliance via Portal Access. This Content Inspection feature can be configured and customized through the web management interface to optimize protection against cross-site scripting and SQL injection. The "XSS scripting" configuration page even prominently states the following:
"The FirePass can aid in preventing Cross Site Scripting attacks via vulnerable web servers. This is done by scanning URL arguments and form POST data sent by users through Web Applications, and blocking the request if it looks suspicious. Note that the FirePass user and admin console interfaces are already protected against Cross Site Scripting attacks."
Ironically these very pages contain cross-site scripting vulnerabilities. Specifically, parameter css_exceptions in page /vdesk/admincon/webyfiers.php and parameter sql_matchscope in page /vdesk/admincon/index.php are vulnerable due to incorrect handling of quotes. This allows an attacker to force premature termination of the parameter value and to inject an event handler script. This injection is permanent because it is embedded in the parameter value. At the same time it is possible to remove (also permanently) the "Update" button on the web form, which complicates the injection removal.
Hello Bugtraq!
I want to warn you about new vulnerabilities in Invision Power Board.
These are Cross-Site Scripting vulnerabilities. The attack goes via an
attachment (on a click on the attachment in a forum post or on the link
to this attachment). These are persistent XSS vulnerabilities.
I have known for a long time about the possibility of attacks via swf-files. So many
years ago I turned off support of swf-files in attachments (and in avatars
---[ Severity Rating ]
Severity: Medium
Impact: Cross-Site Scripting, installation path disclosure
Attack Vector: Remote
CVSS v2:
Base Score: 4.3
Temporal Score: 3.4
Onapsis Security Advisory 2010-006: SAP J2EE Web Services Navigator
Cross-Site Scripting
This advisory can be downloaded in PDF format from
http://www.onapsis.com/.
By downloading this advisory from the Onapsis Resource Center, you
will gain access to beforehand information on upcoming advisories,
really does have everything you need for web media gallery management.
The following web vulnerabilities were found in Zenphoto Version 1.3;
1. SQL injection in “/zenphoto_1_3/zp-core/full-image.php”, parameter “a”.
2. Cross-site Scripting vulnerability in
“/zenphoto_1_3/zp-core/admin.php”, parameter “from”.
3. Cross-site Scripting vulnerability in
“/zenphoto_1_3/zp-core/admin.php”, parameter “user”.
Technical details about each web vulnerability are below;
Hello Bugtraq!
I want to warn you about a Cross-Site Scripting vulnerability in Internet
Explorer. This is Post Persistent XSS (Save XSS)
(http://websecurity.com.ua/2641/).
-------------------------
Affected products:
-------------------------
Title: ManageEngine EventLog Analyzer Multiple Cross-site Scripting (XSS) Vulnerabilities
Risk (CVSS2 Base Score): Low (3.9)
Solutionary ID: SERT-VDN-1001
CVE ID: Pending
Solutionary disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-XSS-vulnerabilities.html
Product: ManageEngine EventLog Analyzer version 6.1
Application vendor: ManageEngine
Vendor URL: http://www.manageengine.com/products/eventlog/
Date discovered: 9/15/2010
Advisory: Cross-Site Scripting vulnerability in Nagios
Advisory ID: SSCHADV2011-002
Author: Stefan Schurtz
Affected Software: Successfully tested on: nagios-3.2.0 / nagios-3.2.3
Vendor URL: http://www.nagios.org
Vendor Status: ID 0000207: Cross-Site Scripting vulnerability in Nagios
CVE-ID: -
==========================
Vulnerability Description:
Information
--------------------
Name : XSS vulnerability in Tracks
Software : Tracks 1.7.2.
Vendor Homepage : http://getontracks.org/
Vulnerability Type : Cross-Site Scripting
Severity : High
Researcher : Mesut Timur <mesut [at] mavitunasecurity [dot] com>
Advisory Reference : NS-11-003
Description
Information
--------------------
Name : XSS vulnerability in Redmine
Software : all Redmine versions from 1.0.1 to 1.1.1
Vendor Homepage : http://www.redmine.org
Vulnerability Type : Cross-Site Scripting
Severity : High
Researcher : Mesut Timur <mesut [at] mavitunasecurity [dot] com>
Advisory Reference : NS-11-004
Description
Document ID: c02807712
Version: 1
HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-04-21
Last Updated: 2011-04-21
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02807712
Version: 1
HPSBMA02667 SSRT100464 rev.2 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-04-21
Last Updated: 2011-04-26
Document ID: c02807712
Version: 3
HPSBMA02667 SSRT100464 rev.3 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-04-21
Last Updated: 2011-05-03
Information
-----------------------------------
Name : XSS vulnerability in TWiki
Software : TWiki 5.0.1 and possibly below.
Vendor Homepage : http://twiki.org/
Vulnerability Type : Cross-Site Scripting
Severity : High
Researcher : Mesut Timur <mesut [at] mavitunasecurity [dot] com>
Advisory Reference : NS-11-005
CVE : CVE-2011-1838
> Information
> --------------------
> Name : XSS vulnerability in Redmine
> Software : all Redmine versions from 1.0.1 to 1.1.1
> Vendor Homepage : http://www.redmine.org
> Vulnerability Type : Cross-Site Scripting
> Severity : High
> Researcher : Mesut Timur <mesut [at] mavitunasecurity [dot] com>
> Advisory Reference : NS-11-004
>
> Description
Concrete CMS 5.4.1.1 <= Cross Site Scripting
1. OVERVIEW
Concrete CMS 5.4.1.1 and lower versions are vulnerable to Cross Site Scripting.
2. BACKGROUND