Posts Tagged XSS

26 results.

Best Plesk Takeaways from my first WCEU – Plesk Stories

Jun22
by Ike on June 22, 2018 at 3:27 pm
Posted In: content security policies, cross-site scripting, CSP, Events, Plesk, Plesk news and announcements, Releases, security, WCEU, Wordpress, WordPress Website Security, XSS

The post Best Plesk Takeaways from my first WCEU – Plesk Stories appeared first on Plesk.

└ Tags: , , , , , , , , ,
 Comment 

[20140901] – Core – XSS Vulnerability

Sep23
by Ike on September 23, 2014 at 7:00 pm
Posted In: CMS, Joomla, security, Security Center
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
  • Exploit type: XSS Vulnerability
  • Reported Date: 2014-August-27
  • Fixed Date: 2014-September-23
  • CVE Number: CVE-2014-6631

Description

Inadequate escaping leads to XSS vulnerability in com_media.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3

Solution

Upgrade to version 3.2.5 or 3.3.4

Contact

The JSST at the Joomla! Security Center.

Reported By: Dingjie (Daniel) Yang

└ Tags: , , , ,
 Comment 

Ubuntu: 2217-1: lxml vulnerability

May23
by Ike on May 23, 2014 at 4:33 am
Posted In: Other

(May 21) lxml could allow cross-site scripting (XSS) attacks.

└ Tags: , ,
 Comment 

[20140302] – Core – XSS Vulnerability

Mar06
by Ike on March 6, 2014 at 8:30 pm
Posted In: CMS, Joomla, security, Security Center
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.1.2 through 3.2.2
  • Exploit type: XSS Vulnerability
  • Reported Date: 2014-March-04
  • Fixed Date: 2014-March-06
  • CVE Number: Pending

Description

Inadequate escaping leads to XSS vulnerability in com_contact.

Affected Installs

Joomla! CMS versions 3.1.2 through 3.2.2

Solution

Upgrade to version 3.2.3

Contact

The JSST at the Joomla! Security Center.

Reported By: ??

└ Tags: , , , ,
 Comment 

[20140303] – Core – XSS Vulnerability

Mar06
by Ike on March 6, 2014 at 8:30 pm
Posted In: CMS, Joomla, security, Security Center
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
  • Exploit type: XSS Vulnerability
  • Reported Date: 2014-March-05
  • Fixed Date: 2014-March-06
  • CVE Number: Pending

Description

Inadequate escaping leads to XSS vulnerability.

Affected Installs

Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions

Solution

Upgrade to version 2.5.19 or 3.2.3

Contact

The JSST at the Joomla! Security Center.

Reported By: JSST

└ Tags: , , , ,
 Comment 

[20131103] Core XSS Vulnerability

Nov07
by Ike on November 7, 2013 at 8:29 pm
Posted In: CMS, Joomla, security, Security Center
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-October-26
  • Fixed Date: 2013-November-06
  • CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact.

Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.16, 3.1.6 or 3.2.

Contact

The JSST at the Joomla! Security Center.

Reported By: Osanda Malith

└ Tags: , , , ,
 Comment 

[20131101] Core XSS Vulnerability

Nov06
by Ike on November 6, 2013 at 6:47 pm
Posted In: CMS, Joomla, security, Security Center
  • Project: Joomla!
  • SubProject: All
  • Severity: High
  • Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-October-25
  • Fixed Date: 2013-November-06
  • CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact.

Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.15, 3.1.6 or 3.2.

Contact

The JSST at the Joomla! Security Center.

Reported By: Osanda Malith

└ Tags: , , , ,
 Comment 

[20131102] Core XSS Vulnerability

Nov06
by Ike on November 6, 2013 at 6:47 pm
Posted In: CMS, Joomla, security, Security Center
  • Project: Joomla!
  • SubProject: All
  • Severity: Moderate
  • Versions: 2.5.14 and earlier 2.5.x versions. 3.1.5 and earlier 3.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-October-06
  • Fixed Date: 2013-November-06
  • CVE Number:

Description

Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds.

Affected Installs

Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.15, 3.1.6 or 3.2.

Contact

The JSST at the Joomla! Security Center.

Reported By: Osanda Malith

└ Tags: , , , ,
 Comment 

[20130407] – Core – XSS Vulnerability

Apr24
by Ike on April 24, 2013 at 5:00 am
Posted In: CMS, Joomla, security
  • Project: Joomla!
  • SubProject: All
  • Severity: Low
  • Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
  • Exploit type: XSS Vulnerability
  • Reported Date: 2013-April-17
  • Fixed Date: 2013-April-24
  • CVE Number: CVE-2013-3267

Description

Inadequate filtering leads to XSS vulnerability in highlighter plugin.

Affected Installs

Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.

Solution

Upgrade to version 2.5.10,  3.1.0 or 3.0.4.

Contact

The JSST at the Joomla! Security Center.

Reported By: Vertical Pigeon

└ Tags: , , , ,
 Comment 

Parallels Plesk 10.4.4 MU#30

May12
by Ike on May 12, 2012 at 4:52 am
Posted In: Plesk, Releases

[+] MySQL ODBC 5.1.11 driver support has been added

The following bug have been fixed:
[-] XSS vulnerability in Horde IMP has been fixed (CVE-2012-0791)
[-] When admin’s password changing via ch_admin_passwd utility mysqld is running with –skip-grant-tables option
[-] Migration via rsync may fails with “pipe: Too many open files” error
[-] 10.4.4 MU#28 does not set SELinux contexts on /usr/local/psa/handlers/hooks/check-quota handler which causes mail system to go down

└ Tags: , , ,
 Comment 

Parallels Plesk 9.5.4 MU#18

Mar15
by Ike on March 15, 2012 at 8:49 am
Posted In: Plesk, Releases

[-] XSS injection vulnerability has been fixed in Horda

└ Tags: , ,
 Comment 

Parallels Plesk 8.6.0 MU#12

Mar15
by Ike on March 15, 2012 at 8:48 am
Posted In: Plesk, Releases

[-] XSS injection vulnerability has been fixed in Horda

└ Tags: , ,
 Comment 

Parallels Plesk 9.5.4 MU#17

Feb24
by Ike on February 24, 2012 at 9:09 am
Posted In: Plesk, Releases

The following bugs have been fixed:
[-] XSS vulnerability in Horde.

└ Tags: ,
 Comment 

Parallels Plesk 8.6.0 MU#11

Feb24
by Ike on February 24, 2012 at 9:08 am
Posted In: Plesk, Releases

The following bugs have been fixed:
[-] XSS vulnerability in Horde.

└ Tags: ,
 Comment 

Parallels Plesk Panel 8.6.0 for Windows, 9.3.0 for Windows and 9.5.5 for Windows security fixes

Oct04
by Ike on October 4, 2011 at 9:22 am
Posted In: Plesk, Releases

Security fixes:
[-] XSS injection on backup creation page
[-] XSS injection in “Location” HTTP header
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

Plesk Panel 8.6.0, 9.3.0 and 9.5.5 for Windows Security fixes

Oct04
by Ike on October 4, 2011 at 2:14 am
Posted In: Plesk, Releases

Security fixes:
[-] XSS injection on backup creation page
[-] XSS injection in “Location” HTTP header
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

Parallels Plesk Panel 9.3.0 MU#11

Sep29
by Ike on September 29, 2011 at 10:42 am
Posted In: Plesk, Releases

Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

Parallels Plesk Panel 9.5.4 MU#12

Sep29
by Ike on September 29, 2011 at 10:41 am
Posted In: Plesk, Releases

Functional fixes:
[-] ch_admin_passwd can’t stop unlimited mysqld

Security fixes:
[-] XSS injection on backup creation page
[-] XSS injection in “Location” HTTP header
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

Parallels Plesk Panel 10.0.1 MU#11

Sep29
by Ike on September 29, 2011 at 10:41 am
Posted In: Plesk, Releases

Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

Parallels Plesk Panel 10.1.1 MU#19

Sep29
by Ike on September 29, 2011 at 10:40 am
Posted In: Plesk, Releases

Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

Parallels Plesk Panel 10.2.0 MU#11

Sep29
by Ike on September 29, 2011 at 10:38 am
Posted In: Plesk, Releases

Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

Plesk Panel 9.3.0 MU#11

Sep28
by Ike on September 28, 2011 at 8:00 pm
Posted In: Plesk, Releases

Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

Plesk Panel 10.0.1 MU#11

Sep28
by Ike on September 28, 2011 at 8:00 pm
Posted In: Plesk, Releases

Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

Plesk Panel 9.5.4 MU#12

Sep28
by Ike on September 28, 2011 at 8:00 pm
Posted In: Plesk, Releases

Functional fixes:
[-] ch_admin_passwd can’t stop unlimited mysqld
Security fixes:
[-] XSS injection on backup creation page
[-] XSS injection in “Location” HTTP header
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

Plesk Panel 10.1.1 MU#19

Sep28
by Ike on September 28, 2011 at 8:00 pm
Posted In: Plesk, Releases

Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

Plesk Panel 10.2.0 MU#11

Sep28
by Ike on September 28, 2011 at 8:00 pm
Posted In: Plesk, Releases

Security fixes:
[-] XSS injection on backup creation page
[-] HTTPOnly flag added for the session cookie

└ Tags: , ,
 Comment 

52 queries. 9.5 mb Memory usage. 1.742 seconds.