24/7/365 access to a team of world-class, certified ethical hackers to repair and harden your website.

View Brochure
Fix me

Blog

Posted on

PhpSpreadsheet version 1.9.0

— samples/bootstrap/js/bootstrap.min.js  – bootstrap 3.3.7 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and data-title properties of tooltip/popover, CVE: CVE-2019-8331; https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: …

Continue reading “PhpSpreadsheet version 1.9.0”

Posted on

PHPWord version 0.16.0

— samples/bootstrap/js/bootstrap.min.js  – bootstrap 3.0.2 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and data-title properties of tooltip/popover, CVE: CVE-2019-8331; https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: …

Continue reading “PHPWord version 0.16.0”

Posted on

Open Source Dependency Vulnerability – Cachet Version v2.3.18

https://github.com/CachetHQ/Cachet version v2.3.18 — public/dist/js/all.933ef52c701c02556f3b7fa32b0d5f5d.js – jquery 2.2.4 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in …

Continue reading “Open Source Dependency Vulnerability – Cachet Version v2.3.18”

Posted on

OpenCart v3.0.3.2 Multiple Open Source Dependency Vulnerabilities

/work/OSD/repo/upload/admin/view/javascript/ckeditor/ckeditor.js ↳ ckeditor 4.9.1 has known vulnerabilities: severity: medium; summary: XSS if the enhanced image plugin is installed; https://ckeditor.com/blog/CKEditor-4.9.2-with-a-security-patch-released/ https://ckeditor.com/cke4/release-notes severity: medium; summary: XSS vulnerability in the HTML parser; https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/ https://snyk.io/vuln/SNYK-JS-CKEDITOR-72618 /work/OSD/repo/upload/admin/view/javascript/jquery/jquery-3.3.1.min.js ↳ jquery 3.3.1 has known vulnerabilities: severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, …

Continue reading “OpenCart v3.0.3.2 Multiple Open Source Dependency Vulnerabilities”

Posted on

Laravel 5.8.10 Open Source Dependency Vulnerability

Located in /public/js/app.js ↳ jquery 3.3.1 has known vulnerabilities: severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

Posted on

WPEngine Open-Source Dependency Vulnerability

An open-source dependency vulnerability affects WPEngine’s PHPCompat module on https://github.com/wpengine/phpcompat /src/js/handlebars.js ↳ handlebars.js 4.0.3 has known vulnerabilities: severity: high; summary: A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template; https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692 https://github.com/wycats/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86 severity: high; summary: A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template; …

Continue reading “WPEngine Open-Source Dependency Vulnerability”

Posted on

RetireJS Vulnerabilities Identified With RetireJS

I decided to scan RetireJS using its own codebase, and discovered the following issues in RetireJS: /home/omi/clients/retire/firefox/test/web/dojo.js ↳ dojo 1.4.2 has known vulnerabilities: severity: medium; PR: 307; https://github.com/dojo/dojo/pull/307 https://dojotoolkit.org/blog/dojo-1-14-released /home/omi/clients/retire/firefox/test/web/retire-example-0.0.1.js ↳ retire-example 0.0.1 has known vulnerabilities: severity: low; CVE: CVE-XXXX-XXXX, bug: 1234, summary: bug summary; http://github.com/eoftedal/retire.js/ /home/omi/clients/retire/firefox/test/web/retire-example.js ↳ retire-example 0.0.1 has known vulnerabilities: severity: low; …

Continue reading “RetireJS Vulnerabilities Identified With RetireJS”

Posted on

The Art of Responding to Advisories, Responsible Patching, and Transparency with Users

Recently, I communicated 3 serious security vulnerabilities that affected major a Java-based CMS that powers. I sent a message via e-mail, and they quickly released a “hot fix” that was merely hiding the vulnerable files behind their authentication system. The reason this is not an effective way to protect your digital applications is because an …

Continue reading “The Art of Responding to Advisories, Responsible Patching, and Transparency with Users”

Posted on

dotCMS v5.1.1 HTML Injection & XSS Vulnerability

dotCMS v5.1.1 suffers from an HTML injection and XSS vulnerability, in addition to many other vulnerabilities that I am still verifying. Here’s a screenshot of HTML injection: To reproduce this vulnerability, simply go to https://dotcms.com/dotAdmin/ and login with their demo credentials (username: [email protected] password: admin) and then visit the following URL: https://demo.dotcms.com/html/portlet/ext/files/edit_text_inc.jsp?referer=%22%3EHTML%20Code%20Injection%20Here%20and%20XSS%20Vulnerability%20%3Cbr%3E%3Cbr%3E There are more …

Continue reading “dotCMS v5.1.1 HTML Injection & XSS Vulnerability”