Recent XSS (Cross Site Scripting) vulnerabilities
Latest information about XSS vulnerabilities
22.02.2012 15:32 Security Flaws Found in Skype Sites: Researcher Ucha Gobejishvili recently uncovered major XSS vulnerabilities i...
22.02.2012 15:31 OWASP Detecting xss vulnerabilities for cookie harvesting with owasp-zap - In this post, i will use a different to ...
22.02.2012 08:12 shares (LiveHelpNow Chat Cross Site Scripting)
22.02.2012 07:12 lv3 SocialCMS Enterprise Cross-Site Scripting and SQL Injection Vulnerabilities
22.02.2012 07:12 [3/5] SocialCMS Enterprise Cross-Site Scripting and SQL Injection Vulnerabilities
22.02.2012 07:12 [2/5] Chyrp "content" Cross-Site Scripting Vulnerability
22.02.2012 07:12 lv2 Chyrp "content" Cross-Site Scripting Vulnerability
22.02.2012 07:11 Free Download Blender 3D + XSS Vulnerability on
22.02.2012 06:48 TeamHav0k Finds XSS in British, French, and US Government Sites: Operation XSS, the operation launched by the gr...
22.02.2012 06:01 Vuln: Fork CMS Cross Site Scripting and Local File Include Vulnerabilities
21.02.2012 19:34 LiveHelpNow Chat Cross Site Scripting: LiveHelpNow Chat suffers from a cross site scripting vulnerability.
21.02.2012 19:34 ForkCMS 3.2.5 Cross Site Request Forgery / Cross Site Scripting: ForkCMS version 3.2.5 suffers from cross site r...
21.02.2012 19:34 Exploit Files - P-Chat 0.9 Cross Site Scripting
21.02.2012 19:30 Exploit Files - CMS Wizard Cross Site Scripting
21.02.2012 19:03 Exploit Files - LiveHelpNow Chat Cross Site Scripting
21.02.2012 18:33 Raleigh OWASP chapter is doing hands-on XSS training next meetup March 7th.
21.02.2012 18:03 FEX vers 20100208 Cross Site Scripting Vulnerabilities
21.02.2012 15:03 Cross Site Scripting on 'Cambio, Periodico del Estado Boliviano' - Info:
21.02.2012 15:03 Microsoft Outlook Web Access for Exchange Server HTML Parsing Cross-Site Scripting Vulner
20.02.2012 23:48 Webminar XSS botnet
XSS vulnerabilities Archive 2011
Here is a short summary of recent XSS (Cross Site Scripting) vulnerabilities discovered by the eVuln team. The full list with details is available on the eVuln Security Advisories page.

search - Non-persistent XSS in Social Share.
Description.
It is possible to inject XSS code into the search parameter of the search.php script.
The search parameter is not properly sanitized before being used in HTML code.
Exploit.
XSS example: http://website/socialshare/search.php?search=<XSS>
Solution
Solution is not available.

link and linkdescription XSS in Social Share.
Description.
It is possible to inject XSS code into the link and linkdescription parameters of the processPost.php script.
The link and linkdescription parameters are not properly sanitized before being used in HTML code.
Exploit.
link: javascript:alert('XSS')
description: "><script>alert('XSS')</script><aaa aa="
Solution
Solution is not available.

title, url - Non-persistent XSS in Social Share.
Description.
It is possible to inject XSS code into the title and url parameters of the save.php script.
The title and url parameters are not properly sanitized before being used in HTML code.
Exploit.
XSS example1: http://website/socialshare/save.php?title=<XSS>
XSS example2: http://website/socialshare/save.php?url="><XSS>
Solution
Solution is not available.

error - Non-persistent XSS in slickMsg.
Description.
It is possible to inject XSS code into the error parameter of the views/Site/error.php script.
The error parameter is not properly sanitized before being used in HTML code.
Condition: register_globals: on
Exploit.
XSS example: http://site/slickmsg/views/Site/error.php?error=<script>alert('XSS')</script>
Solution
Solution is not available.

BBCode CSS XSS in slickMsg.
Description.
It is possible to inject XSS code (expression) into the CSS style of the size and color bbcodes.
The size and color values are not properly sanitized before being used in CSS code.
Note: works in MS IE
Exploit.
XSS example 1: [size=expression(alert(123))]size[/size]
XSS example 2: [color=expression(alert(456))]blue[/color]
Solution
Solution is not available.
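
The advisories above report three different output contexts (HTML text and attributes, link URLs, and CSS values), and each needs its own handling. The following PHP sketch is an added example, not code from eVuln, Social Share or slickMsg; all function names are hypothetical and the sample inputs are constructed from the payloads quoted above.

```php
<?php
// Added illustration: function names are hypothetical, not taken from
// Social Share or slickMsg.

// HTML text and quoted-attribute context (search, title, error, linkdescription).
function html_escape(string $value): string
{
    // ENT_QUOTES encodes both " and ', so a quoted attribute cannot be closed.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL context (link, url): HTML escaping does not neutralise javascript: URLs,
// so allow only http/https first, then escape for the attribute.
function safe_href(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null; // relative, javascript:, data: and malformed URLs are rejected
    }
    return html_escape($url);
}

// CSS context (BBCode color): allow-list the value shape instead of escaping.
// Parentheses never match, so expression(...) cannot reach the style attribute.
function bbcode_color(string $value): ?string
{
    $ok = preg_match('/\A(?:#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z]{3,20})\z/i', $value);
    return $ok === 1 ? strtolower($value) : null;
}

// CSS context (BBCode size): digits only, bounded; the renderer fixes the unit.
function bbcode_size(string $value): ?string
{
    return preg_match('/\A[0-9]{1,2}\z/', $value) === 1 ? $value . 'px' : null;
}

// Constructed inputs mirroring the advisory examples above.
$samples = [
    'html'  => html_escape('"><script>alert(\'XSS\')</script><aaa aa="'),
    'href1' => safe_href("javascript:alert('XSS')"),
    'href2' => safe_href('http://website/page?a=1&b=2'),
    'color' => bbcode_color('expression(alert(456))'),
    'size'  => bbcode_size('expression(alert(123))'),
    'blue'  => bbcode_color('blue'),
];
var_dump($samples);
```

A null result means the value should be dropped or the BBCode tag rendered as plain text, rather than passed through in a cleaned-up form.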

