Posts Tagged ‘XSS Vulnerability’

OWASP published 2013 Top 10 Vulnerabilities

The Open Web Application Security Project (OWASP) have published the top 10 most dangerous vulnerabilities in web-applications for 2013. This release comes to raise awareness about application security by identifying some of the most critical risks facing organizations. The OWASP Top 10 for 2013 is based on 8 datasets from 7 firms that specialize in [...]

Share

Multiple Vulnerabilities on CBS Website

CBS (cbs.com) is a popular media website that has been found open to about 17 Blind SQL Injection, this is beside several XSS cross site scripting vulnerabilities that risk website users. D35m0nd142 posted on pastbin his finding with images to vulnerable URL’s. For detecting those vulnerabilities D35m0nd142 used Acunetix one of the widely known program [...]

Share
xss

Honeywell WebSite Open to XSS and More

Shadab Siddiqui a security researcher have just revealed several critical vulnerability at honeywell.com , redhat.com, pinterest.com, alshaya.com websites, cross site scripting vulnerability allows attacker to inject an iframe in the website to run a malicious script on visitors computers.  Also it is possible to conduct a click jacking attack where a hacker can use a [...]

Share

Kaspersky Site Vulnerable to Cross-site Scripting Assaults

Kaspersky Lab site is now open to XSS (cross-site scripting) attacks together with Iframe injections. This is not good for any company, especially for a company dealing with security. An XSS attack launches when a web program collects vicious data from an end-user mostly via a hyperlink that carries malicious content inside it. Thus, as [...]

Share

Cross Site Scripting Vulnerabilities in Elgg <= 1.7.9

New vulnerability has been discovered in Elgg an open-source application that helps to create social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications. Well-known Organizations with networks powered by Elgg include: Australian Government, British Government, Federal Canadian Government, MITRE, The World [...]

Share

CSRF Exploit for Joomla 1.6.3 or Lower

New exploit has been published that are targeting Joomla 1.6.3 or lower version the vulnerability  allow an attacker to create a specially crafted URL that would execute arbitrary script code on  victim’s browser. Cross-site request (XSRF or CSRF) is a web application attack that uses the existing trust relationship between web applications and authenticated users [...]

Share

Beware of A New XSS on Facebook

New Cross-site scripting vulnerability has been detected on Facebook and widely exploited in the mobile API version, this vulnerability allows a malicious user to include JavaScript content into a website and redirect victim’s browser to the prepared URL. I have already saw this flaw in the last few days, many of my friend list are [...]

Share