Posts Tagged ‘XSS’

Vulnerability: Multiple vulnerabilities in WordPress

Danger: Average
Patch: Yes
Number of vulnerabilities: 3

Vector of operation: Remote
Impact: Cross Site Scripting, Disclosure of sensitive data

Affected products: WordPress 3.x

Affected versions: WordPress up to version 3.5.1. (more…)

XSS (Cross Site Scripting) is a type of vulnerability in interactive networked information systems (e.g., browsers) in which scripts that run on the client side are embedded in server-generated pages.

What sets this tactic apart is that, instead of attacking the server directly, the attacker uses the vulnerable server as a means to attack the client's computer. An attacker can use XSS to bypass access control measures, such as rules that restrict access by domain (the same-origin policy). Approximately 80.5% of all vulnerabilities recorded by Symantec in 2007 were cross-site scripting. The damage from attacks using XSS varies depending on the value of the information processed by the vulnerable site and on the security measures taken by the site owner.

Simply put, XSS (also known as CSS, which creates confusion with the term ‘Cascading Style Sheets’) is the most common vulnerability occurring among web applications. With XSS, an attacker can inject malicious code into a web page. XSS is possible because data entered by the user is not validated or not filtered. Inadequate handling of user input may lead to malicious code running in the user’s browser. (more…)

Vulnerability: Multiple vulnerabilities in Drupal Basic webmail

Danger: Middle
Patch: Yes
Number of vulnerabilities: 3
Impact: Cross Site Scripting, Disclosure of sensitive data

Affected products: Drupal Basic webmail Module 6.x

Affected versions: Drupal Basic webmail up to version 6.x-1.2, possibly earlier. (more…)

Vulnerability: XSS in CGI.pm

Danger: Low
Number of vulnerabilities: 1
CVE ID: CVE-2010-2761, CVE-2010-4411

Impact: Cross Site Scripting
Affected products: CGI.pm

Affected versions: CGI.pm 3.50, possibly earlier. (more…)

Vulnerability: XSS in Microsoft products

Danger: Low
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-2520
Impact: Cross Site Scripting
Vulnerable products: Microsoft Office InfoPath 2007, Microsoft InfoPath 2010, Microsoft Office Communicator 2007, Microsoft Lync 2010, Microsoft Lync 2010 Attendant, Microsoft Office SharePoint Server 2007, Microsoft Office SharePoint Server 2010, Microsoft Groove Server 2010, Microsoft Windows SharePoint Services 3.x, Microsoft SharePoint Foundation 2010, Microsoft Office Web Apps 2010. (more…)

Vulnerability: Cross-site scripting in Opera

Danger: Middle
Patch: None
Number of vulnerabilities: 1
Impact: Cross Site Scripting
Affected products: Opera 12.x

Affected versions: Opera 12.02 for Windows, Mac OS and Linux, possibly earlier

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)

Vulnerability: Multiple vulnerabilities in WordPress Spider Calendar

Danger: middle
Number of vulnerabilities: 2
Impact: Cross Site Scripting, Unauthorized manipulation of data
Affected products: WordPress Spider Calendar Plugin 1.x

Affected versions: WordPress Spider Calendar 1.0.1, possibly earlier. (more…)

Vulnerability: Cross-site scripting in the WordPress Purity Theme

Danger: Low
Patch: None
Number of vulnerabilities: 1
Impact: Cross Site Scripting
Affected products: WordPress Purity Theme

Affected versions: WordPress Purity TOPIC LINKS (more…)

Apple released patches for 121 vulnerabilities in version 6 of the Safari browser. 117 of the 121 newly discovered vulnerabilities were found in the browser engine, WebKit. According to experts, most of the vulnerabilities discovered in the browser engine allow cybercriminals to execute arbitrary code and force the application to terminate.

Apple also released a patch that closes an XSS vulnerability and a patch intended to solve an access control problem. This vulnerability could allow an attacker to send any file from the victim’s computer to a remote server. A fix was also released for a password autocomplete problem: autocomplete occurred even when a site had disabled the function. The company also released an update that closes an XSS vulnerability in the file downloader built into the browser.

XSS in Drupal Exposed Filter Data

Impact: Cross Site Scripting

Affected products: Drupal Exposed Filter Data Module 6.x

Affected versions: Drupal Exposed Filter Data up to version 6.x-1.2.

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)