SecPod Research Team member (Deependra Bapna) has found Multiple Stored Cross-site Scripting Vulnerabilities in ClipBucket. The vulnerabilities are due to improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data. Complete Advisory information can be found here. Advisory in CVRF […]

Read More →

SecPod Research Team member (Antu Sanadi) has found Persistence Cross-Site Scripting Vulnerability in Advantech WebAccess HMI/SCADA. The vulnerability is caused by improper validation ‘ProjDesc’ parameter in ‘broadWeb/include/gAddNew.asp’ (when tableName=pProject set). This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. […]

Read More →

SecPod Research Team member (Antu Sanadi) has found Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities in ArticleSetup. The vulnerability is caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying […]

Read More →

SecPod Research Team member (Prabhu S Angadi) has found Multiple Persistence Cross-Site Scripting Vulnerabilities in Sphinix Mobile Web Server Blog. The vulnerability is caused by improper validation of “comment” parameter in “/Blog/MyFirstBlog.txt” and “/Blog/AboutSomething.txt” pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks. More […]

Read More →

SecPod Research Team member (Antu Sanadi) has found Multiple Persistence Cross-Site Scripting Vulnerabilities in Apache Struts. The vulnerability is caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks. More information can be found here. CVE […]

Read More →

SecPod Research Team member (Antu Sanadi) has found multiple persistence cross-site scripting vulnerability in appRain Quick Start Edition Core Edition. The vulnerability is caused by improper validation of various parameters. This may allow an attacker to steal cookie-based authentications or inject arbitrary HTML code and launch further attacks. More information can be found here.

Read More →

Folks, SecPod Research Team member (Veerendra G.G) found persistent XSS flaw in Micro CMS, which can be used to gain sensitive information and launch further attacks. The flaw lies in name parameters while the web Application processes the user-supplied input and renders the content back to the client’s browser. The flaw can be exploited to […]

Read More →