Advisory: store.apple.com – DOM based Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-009
Author: Stefan Schurtz
Affected Software: Successfully tested on store.apple.com
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The website ‘store.apple.com’ is prone to a DOM based XSS vulnerability
Advisory: Ligatus Advertising – DOM Based Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-007
Author: Stefan Schurtz
Affected Software: Successfully tested on a.ligatus.com
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The ‘et’ parameter in Ligatus Advertising is prone to a DOM-based XSS vulnerability.
Advisory: www.netcraft.com – Search Form Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-008
Author: Stefan Schurtz
Affected Software: Successfully tested on www.netcraft.com
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The ‘q’ parameter in the search form on www.netcraft.com is prone to an XSS vulnerability
Advisory: Omniture web analytics – Open Redirection vulnerability
Advisory ID: SSCHADV2013-003
Author: Stefan Schurtz
Affected Software: Successfully tested on paypal.112.2o7.net
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The ‘vmh’ parameter in Omniture web analytics is prone to an Open Redirection vulnerability
Advisory: WordPress Plugin ‘AJAX Comment Page 3.25’ Cross-site scripting vulnerability
Advisory ID: SSCHADV2013-006
Author: Stefan Schurtz
Affected Software: Successfully tested on AJAX Comment Page 3.25
Vendor URL:
Vendor Status: fixed
CVE-ID: Requested
======================
Vulnerability Description
======================
The parameter ‘max’ of the WordPress plugin ‘AJAX Comment Page’ is prone to an XSS vulnerability
Advisory: WordPress Plugin ‘Types 1.2.1.1’ Cross-Site Request Forgery & Stored Cross-site scripting vulnerability
Advisory ID: SSCHADV2013-005
Author: Stefan Schurtz
Affected Software: Successfully tested on Types 1.2.1.1
Vendor URL:
Vendor Status: fixed
CVE-ID: CVE-2013-2768
======================
Vulnerability Description
======================
The parameter ‘skypename’ of the WordPress plugin Types 1.2.1.1 is prone to a CSRF and stored XSS vulnerability