cross-site scripting


Joomla! is one of the world's most popular content management system (CMS) solutions. It enables users to build custom Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla!, and it accounts for more than 9 percent of CMS market share. As of November 2016, Joomla! had been downloaded over 78 million times. Over 7,800 free and commercial extensions are also currently available from the official Joomla! Extension Directory, and more are available from other sources. This year, as a FortiGuard researcher...
by Zhouyuan Yang | May 04, 2017 | Filed in: Security Research
Summary Recently Zimbra released Zimbra Collaboration 8.6 Patch 5. It fixed 2 Cross-Site Scripting (XSS) vulnerabilities that were discovered and reported by a security researcher at Fortinet's FortiGuard Labs in October 2015. CVE-2015-7609 was assigned to identify these 2 XSS vulnerabilities. One of them is caused by insufficient sanitization of the email message body content. It allows remote attackers to launch an XSS attack against Zimbra Collaboration users simply by sending a specially crafted email. In this blog,...
by Peixue Li | Jan 31, 2016 | Filed in: Security Research
Overview WooCommerce is an open source e-commerce plugin for WordPress. It is designed for small to large-sized online merchants using WordPress. According to WooCommerce, the plugin now powers over 30% of all online stores running WordPress with over one million downloads. FortiGuard Labs discovered another Cross-Site Scripting (XSS) vulnerability in WooCommerce. FortiGuard disclosed a different XSS vulnerability in WooCommerce earlier this year, leading Fortinet’s Chris Dawson to ask if it was time to worry about WordPress. As...
by Peixue Li | Nov 17, 2015 | Filed in: Industry Trends & News
Overview MantisBT is an open source issue tracker with nearly 110,000 downloads so far this year from its SourceForge repository. It is known for its ease of use and rapid collaboration capabilities. Researchers with FortiGuard Labs have discovered a cross-site scripting (XSS) vulnerability in MantisBT caused by incorrect handling of a specially crafted request that contains injected script code. This vulnerability could allow remote attackers to launch an XSS attack. Analysis The attack target can be a MantisBT administrator....
by Chris Dawson | Oct 30, 2015 | Filed in: Industry Trends & News
With over 12 million downloads, Photo Gallery is one of the most popular WordPress plugins; users should be sure to upgrade to the latest version. FortiGuard Labs disclosed a vulnerability today in the WordPress Photo Gallery plugin that could potentially be used to gather information from system administrators. With over 100,000 active installations and robust photo management and editing tools, this particular cross-site scripting vulnerability has significant security implications across the many retail, media, and other WordPress-driven websites...
by Aamir Lakhani | Mar 20, 2015 | Filed in: Security Research