Posts tagged XSS

9 min Application Security

Overview of Content Security Policies (CSPs) on the Web

A Content Security Policy is a protocol that allows a site owner to control what resources are loaded on a web page by the browser, and how those resources may be loaded.

4 min Application Security

How to Prevent Cross-Site Scripting (XSS) Attacks

Cross-site scripting (XSS) isn’t new, but its impact and visibility are both growing. Here’s what you need to know to protect your web applications from XSS attacks.

6 min Application Security

App-a-Bet Soup: Should You Use a SAST, DAST, or RASP Application Security Tool?

In this blog, we discuss all things web applications and how to select the right application security solution to keep them safe from attack.

3 min Vulnerability Disclosure

R7-2017-06 | CVE-2017-5241: Biscom SFT XSS (FIXED)

Summary The Workspaces component of Biscom Secure File Transfer (SFT) version 5.1.1015 is vulnerable to stored cross-site scripting in two fields. An attacker would need to have the ability to create a Workspace and entice a victim to visit the malicious page in order to run malicious JavaScript in the context of the victim's browser. Since the victim is necessarily authenticated, this can allow the attacker to perform actions on the Biscom Secure File Transfer instance on the victim's behalf.

4 min Vulnerability Disclosure

R7-2016-24, OpenNMS Stored XSS via SNMP (CVE-2016-6555, CVE-2016-6556)

Stored server-side cross-site scripting (XSS) vulnerabilities in the web application component of OpenNMS [https://www.opennms.org/en] via the Simple Network Management Protocol (SNMP). Authentication is not required to exploit. Credit This issue was discovered by independent researcher Matthew Kienow [https://twitter.com/hacksforprofit], and reported by Rapid7. Products Affected The following versions were tested and successfully exploited: * OpenNMS version 18.0.0 * OpenNMS version 18.0.1 Ope

13 min Vulnerability Disclosure

Multiple Disclosures for Multiple Network Management Systems, Part 2

As you may recall, back in December Rapid7 disclosed six vulnerabilities [/2015/12/16/multiple-disclosures-for-multiple-network-management-systems] that affect four different Network Management System (NMS) products, discovered by Deral Heiland [https://twitter.com/percent_x] of Rapid7 and independent researcher Matthew Kienow [https://twitter.com/hacksforprofit]. In March, Deral followed up with another pair of vulnerabilities [/2016/03/17/r7-2016-02-multiple-vulnerabilities-in-mangeengine-opu

2 min Exploits

R7-2016-19: Persistent XSS via Unescaped Parameters in Swagger-UI (CVE-2016-5682)

Parameters within a Swagger document are insecurely loaded into browser-based documentation. Persistent XSS occurs when this documentation is then hosted together on a public site. This issue was resolved in Swagger-UI 2.2.1 [https://github.com/swagger-api/swagger-ui/releases/tag/v2.2.1]. Summary One of the components used to build the interactive documentation portion of the Swagger ecosystem is the Swagger-UI [https://github.com/swagger-api/swagger-ui]. This interface generates dynamic docu

8 min Vulnerability Disclosure

R7-2016-10: Multiple OSRAM SYLVANIA Osram Lightify Vulnerabilities (CVE-2016-5051 through 5059)

Nine issues affecting the Home or Pro versions of Osram LIGHTIFY were discovered, with the practical exploitation effects ranging from the accidental disclosure of sensitive network configuration information, to persistent cross-site scripting (XSS) on the web management console, to operational command execution on the devices themselves without authentication. The issues are designated in the table below. At the time of this disclosure's publication, the vendor has indicated that all but the la

3 min IoT

What's In A Hostname?

Like the proverbial cat, curiosity can often get me in trouble, but often enough, curiosity helps us create better security. It seems like every time I encounter a product with a web management console, I end up feeding it data that it wasn't expecting. As an example, while configuring a wireless bridge that had a discovery function that would identify and list all Wi-Fi devices in the radio range, I thought: "I wonder what would happen if I broadcast a service set identifier (SSID) [https://en

3 min Exploits

Watch your SaaS: Partial parameter checking or the case of unfinished homework

“Laws are like sausages. It's better not to see them being made.” – Otto von Bismarck I'm not sure how many of you have kids or how diligent they are with their homework but I'm sure you've heard stories of parents observing that their kids have finished their homework in a remarkably short period of time. However, upon investigation, you quickly discover that your child has only finished half of their homework. Sadly, this state of affairs can also be true for SaaS providers offering web app

2 min Penetration Testing

Top 3 Takeaways from the "Campfire Horror Stories: 5 Most Common Findings in Pen Tests" Webcast

Penetration Tests are a key part of assuring strong security, so naturally, security professionals are very curious about how this best practice goes down from the pen tester perspective. Jack Daniel, Director of Services at Rapid7 with 13 years of penetration testing under his belt, recently shared which flaws pen testers are regularly using to access sensitive data on the job in the webcast, “Campfire Horror Stories: 5 Most Common Findings in Pen Tests [https://information.rapid7.com/campfire-

3 min Exploits

R7-2015-01: CSRF, Backdoor, and Persistent XSS on ARRIS / Motorola Cable Modems

By combining a number of distinct vulnerabilities, attackers may take control of the web interface for popular cable modems in order to further compromise internal hosts over an external interface. Affected Product ARRIS / Motorola SURFboard SBG6580 Series Wi-Fi Cable Modem The device is described by the vendor as a "fully integrated all-in-one home networking solution that combines the functionality of a DOCSIS/EuroDOCSIS 3.0 cable modem, four-port 10/100/1000 Ethernet switch with advanced fi

1 min Nexpose

NEX-37823 XSS in Nexpose vuln-summary.jsp (Fixed)

Nexpose users are urged to update to the latest version of Nexpose to receive the patch for the described security vulnerability. Note that by default, Nexpose installations update themselves automatically. A cross-site scripting (XSS) vulnerability has been discovered by Yunus ÇADIRCI [https://twitter.com/yunuscadirci] and subsequently patched in recent versions of Rapid7's Nexpose vulnerability scanner. By providing URL-encoded HTML tags (including script tags), an unauthenticated attacker

5 min Apple

Abusing Safari's webarchive file format

tldr: For now, don't open .webarchive files, and check the Metasploit module, Apple Safari .webarchive File Format UXSS [https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/apple_safari_webarchive_uxss.rb] Safari's webarchive format saves all the resources in a web page - images, scripts, stylesheets - into a single file. A flaw exists in the security model behind webarchives that allows us to execute script in the context of any domain (a Universal Cross-site S