A few days ago some researchers discovered an HTML Injection vulnerability in Signal Desktop and they wrote a public disclosure. The Signal team quickly released an update on May 11th, the problem was in the file /js/views/message_view.js. Reading the changes to message_view.js, it seemed that the Signal team had only fixed the “problem of the URL“. So, maybe, … Continue reading HTML Injection in Signal Desktop 1.10.1
INFO Product: GD bbPress Attachments Version: 2.5 Active installations: 10,000+ Product page: https://it.wordpress.org/plugins/gd-bbpress-attachments/ DESCRIPTION An authenticated user of a bbPress forum, who can attach a file, can inject arbitrary javascript code via filename. The arbitrary code runs both on the topic page and in the admin panel, and it only affects the administrators, moderators and the attacker. The variable $error[‘file’] in /code/attachments/front.php (line 349) is not … Continue reading GD bbPress Attachments 2.5 – Authenticated stored XSS
La sicurezza informatica in Italia (ma non solamente in Italia) è ancora un tasto dolente, come si può leggere nell’annuale rapporto rilasciato da Clusit. Personalmente riassumo il 2017 in tre macro argomenti, per quanto riguarda il tema “sicurezza digitale”: Spectre e Meltdown, Wannacry e Coinhive. Dopo Spectre e Meltdown, e dopo una pessima organizzazione nel … Continue reading TIM e la responsible disclosure
After many unsuccessful attempts to find an XSS in Yahoo’s domains, I decided to move my attention to Microsoft Bing. If you have a Microsoft account, Bing allows you to save online content (images, videos and places) on the page “My saves”, and allows to create collections to better manage your own content. The titles … Continue reading Stored XSS in Microsoft Bing
INFO Product: My Calendar Version: 2.5.16 Active installations: 30,000+ Product page: https://it.wordpress.org/plugins/my-calendar/ DESCRIPTION An authenticated user, who can add new events, can inject arbitrary javascript code via event_time_label input. The arbitrary code runs both on the event page and in the admin panel. In my-calendar-event-manager.php, line 1873, the variable $eventTime is not sanitized. PROOF OF CONCEPT My Calendar 2.5.16 is … Continue reading My Calendar 2.5.16 – Authenticated stored XSS
