"Team Security" Telegram-Gruppe .

❈ Added escaping to several admin controllers and send mail to prevent XSS

Sicherheitslücken / Exploits portal.patchman.co

Several sections in admin controllers and send mail were not properly escaped against XSS.

This vulnerability affects the following application versions:

  • PrestaShop 1.6.0.1
  • PrestaShop 1.6.0.1 alpha 1
  • PrestaShop 1.6.0.2
  • PrestaShop 1.6.0.2 alpha 2
  • PrestaShop 1.6.0.3
  • PrestaShop 1.6.0.3 beta 1
  • PrestaShop 1.6.0.4
  • PrestaShop 1.6.0.4 RC1
  • PrestaShop 1.6.0.5
  • PrestaShop 1.6.0.6
  • PrestaShop 1.6.0.7
  • PrestaShop 1.6.0.8
  • PrestaShop 1.6.0.9
  • PrestaShop 1.6.0.10
  • PrestaShop 1.6.0.11
  • PrestaShop 1.6.0.12
  • PrestaShop 1.6.0.13
  • PrestaShop 1.6.0.14
  • PrestaShop 1.6.1.0
  • PrestaShop 1.6.1.0 RC4
  • PrestaShop 1.6.1.0 RC5
  • PrestaShop 1.6.1.1
  • PrestaShop 1.6.1.1 RC1
  • PrestaShop 1.6.1.1 RC2
  • PrestaShop 1.6.1.2
  • PrestaShop 1.6.1.2 RC1
  • PrestaShop 1.6.1.2 RC2
  • PrestaShop 1.6.1.2 RC3
  • PrestaShop 1.6.1.2 RC4
  • PrestaShop 1.6.1.3
  • PrestaShop 1.6.1.3 RC1
  • PrestaShop 1.6.1.4
  • PrestaShop 1.6.1.5
  • PrestaShop 1.6.1.6
  • PrestaShop 1.6.1.7
  • PrestaShop 1.6.1.8
  • PrestaShop 1.6.1.9
  • PrestaShop 1.6.1.10
  • PrestaShop 1.6.1.11
  • PrestaShop 1.6.1.11 beta 1
  • PrestaShop 1.6.1.12
  • PrestaShop 1.6.1.13
  • PrestaShop 1.6.1.14
  • PrestaShop 1.6.1.15
  • PrestaShop 1.6.1.16
  • PrestaShop 1.6.1.17
  • PrestaShop 1.6.1.18
  • PrestaShop 1.6.1.19
  • PrestaShop 1.6.1.20
  • PrestaShop 1.6.1.21
  • PrestaShop 1.6.1.22
  • PrestaShop 1.6.1.23
  • PrestaShop 1.6.1.24
  • PrestaShop 1.7.0.0
  • PrestaShop 1.7.0.0 beta1
  • PrestaShop 1.7.0.0 beta2
  • PrestaShop 1.7.0.0 beta3
  • PrestaShop 1.7.0.0 RC0
  • PrestaShop 1.7.0.0 RC1
  • PrestaShop 1.7.0.0 RC2
  • PrestaShop 1.7.0.0 RC3
  • PrestaShop 1.7.0.1
  • PrestaShop 1.7.0.2
  • PrestaShop 1.7.0.3
  • PrestaShop 1.7.0.4
  • PrestaShop 1.7.0.5
  • PrestaShop 1.7.0.6
  • PrestaShop 1.7.1.0
  • PrestaShop 1.7.1.0 beta1
  • PrestaShop 1.7.1.1
  • PrestaShop 1.7.1.2
  • PrestaShop 1.7.2.0
  • PrestaShop 1.7.2.0 RC 1
  • PrestaShop 1.7.2.1
  • PrestaShop 1.7.2.2
  • PrestaShop 1.7.2.3
  • PrestaShop 1.7.2.4
  • PrestaShop 1.7.2.5
  • PrestaShop 1.7.3.0
  • PrestaShop 1.7.3.0 beta 1
  • PrestaShop 1.7.3.0 RC 1
  • PrestaShop 1.7.3.1
  • PrestaShop 1.7.3.2
  • PrestaShop 1.7.3.3
  • PrestaShop 1.7.3.4
  • PrestaShop 1.7.4.0
  • PrestaShop 1.7.4.0 beta 1
  • PrestaShop 1.7.4.1
  • PrestaShop 1.7.4.2
  • PrestaShop 1.7.4.3
  • PrestaShop 1.7.4.4
  • PrestaShop 1.7.5.0
  • PrestaShop 1.7.5.0 beta 1
  • PrestaShop 1.7.5.0 RC 1
  • PrestaShop 1.7.5.1
  • PrestaShop 1.7.5.2
  • PrestaShop 1.7.6.0
  • PrestaShop 1.7.6.0 beta 1
  • PrestaShop 1.7.6.0 RC 1
  • PrestaShop 1.7.6.0 RC 2
  • PrestaShop 1.7.6.1
  • PrestaShop 1.7.6.2
  • PrestaShop 1.7.6.3
  • PrestaShop 1.7.6.4
  • PrestaShop 1.7.6.4 1
  • PrestaShop 1.7.6.5
  • PrestaShop 1.7.6.5 1
  • PrestaShop 1.7.6.6
  • PrestaShop 1.7.6.7
...


Kompletten Artikel lesen (externe Quelle: https://portal.patchman.co/detections/rss/vulnerabilities/4238)

Zur Team IT Security IT Sicherheit Nachrichtenportal Startseite

➤ Weitere Beiträge von Team Security | IT Sicherheit (tsecurity.de)

XSpear v1.3 - Powerfull XSS Scanning And Parameter Analysis Tool

vom 406.99 Punkte
XSpear is XSS Scanner on ruby gemsKey featuresPattern matching based XSS scanningDetect alert confirm prompt event on headless browser (with Selenium)Testing request/response for XSS protection bypass and reflected(or all) paramsReflected ParamsAll params(f

Git All The Payloads! A Collection Of Web Attack Payloads

vom 254.93 Punkte
Git All the Payloads! A collection of web attack payloads. Pull requests are welcome!Usagerun ./get.sh to download external payloads and unzip any payload files that are compressed.Payload Creditsfuzzdb - https://github.com/fuzzdb-project/fuzzdbSec

Mail.Ru Calendar Plugin bis 2.5.0.60 auf Atlassian Jira Create Calender month Name Cross Site Scripting

vom 250.16 Punkte
Es wurde eine problematische Schwachstelle in Mail.Ru Calendar Plugin bis 2.5.0.60 auf Atlassian Jira ausgemacht. Betroffen hiervon ist eine unbekannte Funktion der Datei MailRuCalendar.jspa#period/month der Komponente Create Calender. Durch das Beeinfluss

Mail.Ru Calendar Plugin bis 2.5.0.60 auf Atlassian Jira Create Calender month Name Cross Site Scripting

vom 250.16 Punkte
Es wurde eine problematische Schwachstelle in Mail.Ru Calendar Plugin bis 2.5.0.60 auf Atlassian Jira ausgemacht. Betroffen hiervon ist eine unbekannte Funktion der Datei MailRuCalendar.jspa#period/month der Komponente Create Calender. Durch das Beeinfluss

SQL Injection Payload List

vom 236.01 Punkte
SQL InjectionIn this section, we'll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection.What is SQL injection (SQLi)?SQL

GPOZaurr - Group Policy Eater Is A PowerShell Module That Aims To Gather Information About Group Policies

vom 217.25 Punkte
Group Policy Eater is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them.Installing GPOZaurr requires RSAT installed to provide results. If you don't have them you can install the

PMapper - A Tool For Quickly Evaluating IAM Permissions In AWS

vom 202.78 Punkte
A project to speed up the process of reviewing an AWS account's IAM configuration. Purpose The goal of the AWS IAM auth system is to apply and enforce access controls on actions and resources in AWS. This tool helps identify if the policies in place will ac

CDK - Zero Dependency Container Penetration Toolkit

vom 181.43 Punkte
CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs helps you to escape container and

XSS-LOADER - XSS Payload Generator / XSS Scanner / XSS Dork Finder

vom 173.47 Punkte
All in one tools for XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDERWritten by Hulya KarabagInstagram: Hulya KarabagScreenshotsHow to useRead MeThis tool creates payload for use in xss injectionSelect default payload tags from parameter or write your paylo

Announcing .NET Core 3.0

vom 150.61 Punkte
Announcing .NET Core 3.0 We’re excited to announce the release of .NET Core 3.0. It includes many improvements, including adding Windows Forms and WPF, adding new JSON APIs, support for ARM64 and improving performance across the board. C# 8 is als

AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide

vom 140.7 Punkte
Original release date: October 11, 2018Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly

I failed with spam detection. What does this do? Do I have to take actions?

vom 137.15 Punkte
Hi, I got an email and was suspicous and called the company. I got the information that the name of the person is a valid employee. The Mail contained a html document that I opened on the android phone. But this led to some side related to specify br

Team Security Diskussion über Added escaping to several admin controllers and send mail to prevent XSS