Results for cross-site scripting

Threat Research

Incomplete Patch: More Joomla! Core XSS Vulnerabilities Are Found

Joomla! is one of the world's most popular content management systems (CMS). It enables users to build Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla!, and it accounts for more than 9 percent of CMS market share. As of July 2017, Joomla! has been downloaded over 82 million times. Over 7,800 free and commercial extensions are available from the official Joomla! Extension Directory, and more are available from other sources. In my last blog, I discovered 2 Cross-Site Scripting (XSS) vulnerabilities...

By Zhouyuan Yang, July 12, 2017

Threat Research

Multiple Joomla! Core XSS Vulnerabilities Are Discovered

Joomla! is one of the world's most popular content management system (CMS) solutions. It enables users to build custom Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla!, and it accounts for more than 9 percent of CMS market share. As of November 2016, Joomla! had been downloaded over 78 million times. Over 7,800 free and commercial extensions are also currently available from the official Joomla! Extension Directory, and more are available from other sources. This year, as a FortiGuard researcher...

By Zhouyuan Yang, May 04, 2017

Threat Research

Zimbra Collaboration XSS Vulnerability: Be Careful If You're Using Zimbra Email

Summary: Recently, Zimbra released Zimbra Collaboration 8.6 Patch 5. It fixed 2 Cross-Site Scripting (XSS) vulnerabilities, which were discovered and reported by a security researcher at Fortinet's FortiGuard Labs in October 2015. CVE-2015-7609 was assigned to identify these 2 XSS vulnerabilities. One of them is caused by insufficient sanitization of the content of the email message body. It allows remote attackers to launch an XSS attack against Zimbra Collaboration users by simply sending a specially crafted email. In this blog,...

By Peixue Li, January 31, 2016

Industry Trends

FortiGuard Labs Discloses Another WordPress WooCommerce Plug-in Cross-Site Scripting Vulnerability

Overview: WooCommerce is an open source e-commerce plugin for WordPress. It is designed for small to large-sized online merchants using WordPress. According to WooCommerce, the plugin now powers over 30% of all online stores running WordPress with over one million downloads. FortiGuard Labs discovered another Cross-Site Scripting (XSS) vulnerability in WooCommerce. FortiGuard disclosed a different XSS vulnerability in WooCommerce earlier this year, leading Fortinet’s Chris Dawson to ask if it was time to worry about WordPress. As...

By Peixue Li, November 17, 2015

Industry Trends

FortiGuard Labs Discloses XSS Vulnerability in MantisBT

Overview: MantisBT is an open source issue tracker with nearly 110,000 downloads so far this year from its SourceForge repository. It is known for its ease of use and rapid collaboration capabilities. Researchers with FortiGuard Labs have discovered a cross-site scripting (XSS) vulnerability in MantisBT caused by incorrect handling of a specially crafted request that contains injected script code. This vulnerability could allow remote attackers to launch an XSS attack. Analysis: The attack target can be a MantisBT administrator....

By Chris Dawson, October 30, 2015

Threat Research

Cross-Site Scripting Vulnerability Discovered In WordPress Photo Gallery Plugin

With over 12 million downloads, Photo Gallery is one of the most popular WordPress plugins; users should be sure to upgrade to the latest version. FortiGuard Labs disclosed a vulnerability today in the WordPress Photo Gallery plugin that could potentially be used to gather information from system administrators. With over 100,000 active installations and robust photo management and editing tools, this particular cross-site scripting vulnerability has significant security implications across the many retail, media, and other WordPress-driven websites...

By Aamir Lakhani, March 20, 2015