Results for xss

Threat Research

Magento Commerce Widget Form (Core) XSS Vulnerability

The FortiGuard Labs team discovered a Cross-Site Scripting (XSS) vulnerability in Magento. This XSS vulnerability is caused by Magento failing to sanitize user-supplied data before inserting it into a dynamically generated widget form.

By Zhouyuan Yang, January 07, 2019

Threat Research

Easy Hosting Control Panel: SQL Injection & Multiple XSS Vulnerabilities

As part of our ongoing threat research at FortiGuard Labs, we discovered that EHCP contains an SQL Injection and multiple Cross-Site Scripting (XSS) vulnerabilities.

By Zhouyuan Yang, July 08, 2018

Threat Research

Multiple Plone Cross-Site Scripting Vulnerabilities

Plone is a free and open source content management system, and is ranked among the top 2% of all open source projects worldwide. More than 350 solution providers in more than 100 countries currently support it. The project has been actively developed since 2001, is available in more than 40 languages, and has the best security track record of any major CMS. The users (https://plone.com/about/they-use-plone) include the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), the Intellectual Property Rights Center, and so on. Earlier...

By Zhouyuan Yang, December 05, 2017

Threat Research

Incomplete Patch: More Joomla! Core XSS Vulnerabilities Are Found

Joomla! is one of the world's most popular content management systems (CMS). It enables users to build Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla!, and it accounts for more than 9 percent of CMS market share. As of July 2017, Joomla! has been downloaded over 82 million times. Over 7,800 free and commercial extensions are available from the official Joomla! Extension Directory, and more are available from other sources. In my last blog, I discovered 2 Cross-Site Scripting (XSS) vulnerabilities...

By Zhouyuan Yang, July 12, 2017

Threat Research

Multiple Joomla! Core XSS Vulnerabilities Are Discovered

Joomla! is one of the world's most popular content management system (CMS) solutions. It enables users to build custom Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla!, and it accounts for more than 9 percent of CMS market share. As of November 2016, Joomla! had been downloaded over 78 million times. Over 7,800 free and commercial extensions are also currently available from the official Joomla! Extension Directory, and more are available from other sources. This year, as a FortiGuard researcher...

By Zhouyuan Yang, May 04, 2017

Threat Research

IBM Rational Collaborative Lifecycle Management XSS Vulnerability

Summary: At the beginning of this year, I discovered and reported a Cross-Site Scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM). This month IBM released a security bulletin that contains the fix for this vulnerability. In this blog, I want to share the details of this vulnerability. How to Reproduce: To reproduce this vulnerability, you can follow the steps below: Sign into CLM with a user account, such as “chbest2”, with the permission "JazzAdmins". Then create a new user...

By Honggang Ren, October 17, 2016

Industry Trends

Proactive Hacking to Build Better Security

Fortinet has developed a talented group of security experts and veterans that work together to design, execute, and administer every conceivable type of networking and security infrastructure. These infrastructures serve the largest enterprises, university campuses, and industry conferences, to small and mid-sized businesses, inter-connected retail locations, and even storm-battered cargo ships. Designing and building any network infrastructure poses unique challenges, and requires extreme diligence in the planning, implementation, and administration....

By Aamir Lakhani, October 03, 2016

Threat Research

Stored XSS Vulnerabilities on Foscam

In case you missed it, Fortinet recently introduced the Fortinet Network Security Academy (FNSA) with the objective of providing individuals with advanced cybersecurity skills in order to address the industry’s current skills shortage. To highlight the value of such a program, the team at our French offices regularly collaborates with students who work with us on a range of security projects. The following discovery is the product of one such student collaboration project. Summary: After successfully gaining access to the File System...

By Ruchna Nigam, March 31, 2016

Industry Trends

FortiGuard Labs Discloses Another WordPress WooCommerce Plug-in Cross-Site Scripting Vulnerability

Overview: WooCommerce is an open source e-commerce plugin for WordPress. It is designed for small to large-sized online merchants using WordPress. According to WooCommerce, the plugin now powers over 30% of all online stores running WordPress with over one million downloads. FortiGuard Labs discovered another Cross-Site Scripting (XSS) vulnerability in WooCommerce. FortiGuard disclosed a different XSS vulnerability in WooCommerce earlier this year, leading Fortinet’s Chris Dawson to ask if it was time to worry about WordPress. As...

By Peixue Li, November 17, 2015

Threat Research

FortiGuard Labs Discloses Multiple InfoBlox NetMRI Cross-Site Scripting Vulnerabilities

Overview: Infoblox is a network controller company that provides network automation and domain name system (DNS) security through appliance-based solutions. These products enable and secure dynamic network and data center infrastructures. It offers four product families: core network services, infrastructure security, cloud network automation and network change, and configuration management. Infoblox NetMRI provides automatic network discovery, switch port management, network change automation, and continuous security policy and configuration...

By Aamir Lakhani, November 12, 2015