
SSCHADV2012-014 - Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities

Advisory:
Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities
Advisory ID:
SSCHADV2012-014
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Joomla 2.5.6
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
With the "Module Language Switcher – position-4" module activated (Extensions -> Modules -> Module Manager: Module Language Switcher), multiple XSS vulnerabilities are possible.
 

SSCHADV2012-019 - Admidio 2.3.5 Multiple security vulnerabilities

Advisory:
Admidio 2.3.5 Multiple security vulnerabilities
Advisory ID:
SSCHADV2012-019
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Admidio 2.3.5
Vendor URL:
Vendor Status:
fixed
CVE-ID:
CVE-2012-4748, CVE-2012-4749
 
======================
Vulnerability Description
======================
 
Admidio 2.3.5 is prone to XSS and SQLi vulnerabilities
 

SSCHADV2012-020 - PHPExcel 1.7.7 Cross-Site Scripting vulnerability

Advisory:
PHPExcel 1.7.7 Cross-Site Scripting vulnerability
Advisory ID:
SSCHADV2012-020
Author:
Stefan Schurtz
Affected Software:
Successfully tested on PHPExcel 1.7.7
Vendor URL:
Vendor Status:
informed
 
======================
Vulnerability Description
======================
 
PHPExcel 1.7.7 is prone to a Cross-Site Scripting vulnerability
 

SSCHADV2012-018 - SaltOS 3.1 Cross-Site Scripting vulnerability

Advisory:
SaltOS 3.1 Cross-Site Scripting vulnerability
Advisory ID:
SSCHADV2012-018
Author:
Stefan Schurtz
Affected Software:
Successfully tested on SaltOS 3.1 r4908
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
SaltOS 3.1 is prone to a Cross-Site Scripting vulnerability because it uses PHPExcel 1.7.7 (latest version)
 

SSCHADV2012-016 - WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple XSS vulnerabilities

Advisory:
WordPress Plugin ‘Quick Post Widget’ 1.9.1 Multiple XSS vulnerabilities
Advisory ID:
SSCHADV2012-016
Author:
Stefan Schurtz
Affected Software:
Successfully tested on Quick Post Widget 1.9.1
Vendor URL:
Vendor Status:
informed
CVE-ID:
CVE-2012-4226
 
======================
Vulnerability Description
======================
 
The WordPress plugin Quick Post Widget 1.9.1 is prone to multiple XSS vulnerabilities
 

SSCHADV2012-002 - ATutor 2.0.3 Multiple XSS vulnerabilities

Advisory:
ATutor 2.0.3 Multiple XSS vulnerabilities
Advisory ID: SSCHADV2012-002
Author: Stefan Schurtz
Affected Software: Successfully tested on ATutor 2.0.3
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
ATutor 2.0.3 is prone to multiple XSS vulnerabilities
 