Archive for the ‘Cross Site Scripting’ Category

Xoops XSS and SQLi

January 27th, 2010

Application: Xoops
Affected Version: version 2.4.2 and prior versions.
Vendor’s URL: Xoops
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium

Solution:
Update to version 2.4.3.

Content Management, Cross Site Scripting, SQL Injection

WordPress Google Analytics Plugin XSS

December 24th, 2009

Application: WordPress
Affected Version: version 3.2.4 and other versions
Vendor’s URL: Google Analytics Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 3.2.5.

Content Management, Cross Site Scripting

WordPress File Upload and Script Insertion

December 1st, 2009

Application: WordPress
Affected Version: version 2.8.5
Vendor’s URL: WordPress
Bug Type: File Upload and Script Insertion
Risk Level: Medium

Solution:
Update to version 2.8.6.

Access Bypass, Content Management, Cross Site Scripting

Drupal Browscap Module Script Insertion

October 23rd, 2009

Application: Drupal
Affected Version: prior to version 5.x-1.1 and 6.x-1.1.
Vendor’s URL: Browscap Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Browscap 5.x:
Update to Browscap 5.x-1.1
http://drupal.org/node/592262

Browscap 6.x:
Update to Browscap 6.x-1.1
http://drupal.org/node/592264

Content Management, Cross Site Scripting

Drupal Multiple Vulnerabilities

September 23rd, 2009

Application: Drupal
Affected Version: versions prior to 6.14.
Vendor’s URL: Drupal
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.14 or apply the patch.

Content Management, Cross Site Scripting

Drupal BUEditor Module Script Insertion

September 23rd, 2009

Application: Drupal
Affected Version: versions prior to 5.x-1.2 and 6.x-1.4.
Vendor’s URL: BUEditor Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 5.x-1.2 or 6.x-1.4.

Content Management, Cross Site Scripting

Drupal Go - url redirects Module Multiple Vulnerabilities

September 23rd, 2009

Application: Drupal Go
Affected Version:
Vendor’s URL: url redirects Module
Bug Type: SQL Injection, Cross Site Scripting, Security Bypass
Risk Level: Critical

Solution:
Update to version 5.x-1.4 or 6.x-1.1.

Access Bypass, Content Management, Cross Site Scripting, SQL Injection

Drupal Webform Report Module Unspecified Script Insertion

August 20th, 2009

Application: Drupal
Affected Version: all 5.x and 6.x versions.
Vendor’s URL: Webform Report Module
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
The vendor recommends disabling and removing the Webform Report module.

Content Management, Cross Site Scripting

XOOPS “op” Cross-Site Scripting

August 20th, 2009

Application: XOOPS
Affected Version: version 2.3.3 and others.
Vendor’s URL: XOOPS
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Fixed in the SVN repository.
http://xoops.svn.sourceforge.net/view…s/pm/viewpmsg.php?r1=2621&r2=3292

Content Management, Cross Site Scripting

Drupal Bibliography Module Script Insertion

August 20th, 2009

Application: Drupal
Affected Version: versions prior to 6.x-1.6 and 5.x-1.17.
Vendor’s URL: Drupal Bibliography Module
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Update to version 6.x-1.6 or 5.x-1.17.
http://drupal.org/node/534744
http://drupal.org/node/534752

Content Management, Cross Site Scripting

Drupal Date Module Script Insertion

August 20th, 2009

Application: Drupal
Affected Version: versions prior to 6.x-2.3.
Vendor’s URL: Drupal Date
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Update to version 6.x-2.3.
http://drupal.org/node/534332

Content Management, Cross Site Scripting

Drupal Calendar Script Insertion

August 20th, 2009

Application: Drupal Calendar
Affected Version: version 6.x-2.1 and other versions.
Vendor’s URL: Drupal
Bug Type: Cross Site Scripting
Risk Level: Low

Solution:
Update to version 6.x-2.2.
http://drupal.org/node/534336

Content Management, Cross Site Scripting

XOOPS Celepar Multiple Vulnerabilities

July 29th, 2009

Application: XOOPS
Affected Version: -
Vendor’s URL: XOOPS Celepar
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting, SQL Injection

Joomla Almond Classifieds Component SQLi and XSS

July 29th, 2009

Application: Joomla
Affected Version: version 7.5 and other versions.
Vendor’s URL: Almond Classifieds Component
Bug Type: SQL Injection and Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting, SQL Injection

WordPress Comment Author Script Insertion

July 29th, 2009

Application: WordPress
Affected Version: versions prior to 2.8.2.
Vendor’s URL: WordPress Comment Author
Bug Type: Script Insertion
Risk Level: Critical

Solution:
Update to version 2.8.2.

Content Management, Cross Site Scripting

Joomla! Cross-Site Scripting and Information Disclosure

July 29th, 2009

Application: Joomla!
Affected Version: versions prior to 1.5.12.
Vendor’s URL: Joomla!
Bug Type: Cross-Site Scripting and Information Disclosure
Risk Level: Medium

Solution:
Update to version 1.5.13.

Content Management, Cross Site Scripting, Information Disclosure

MyBB Script Insertion

June 27th, 2009

Application: MyBB
Affected Version: versions prior to 1.4.8.
Vendor’s URL: MyBB
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.4.8.

Cross Site Scripting, Discussion Boards

Drupal Links Package Script Insertion

June 27th, 2009

Application: Drupal
Affected Version: versions prior to version 5.x-1.13 and 6.x-1.2.
Vendor’s URL: Drupal Links Package
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 5.x-1.13 or 6.x-1.2.

http://drupal.org/node/501356
http://drupal.org/node/501360

Content Management, Cross Site Scripting

Movable Type Security Bypass and XSS

June 27th, 2009

Application: Movable Type
Affected Version: versions prior to 4.26.
Vendor’s URL: Movable Type
Bug Type: Security Bypass and Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 4.26 or later.

Access Bypass, Blogs, Cross Site Scripting

Drupal Views Module Multiple Vulnerabilities

June 27th, 2009

Application: Drupal
Affected Version: versions prior to 6.x-2.6.
Vendor’s URL: Drupal Views Module
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical

Solution:
Update to version 6.x-2.6.
http://drupal.org/node/488082

Access Bypass, Content Management, Cross Site Scripting