Jump to content

Search the Community

Showing results for tags 'xss'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 1 result

  1. Successful exploitation allows attackers to steal potentially sensitive information, change appearance of the web page, and perform phishing, spoofing and drive-by-download attacks. Users of the Microsoft Outlook for Android app should update their apps to avoid a range of attacks. The bug (CVE-2019-1460) would allow an attacker to perform cross-site scripting (XSS) attacks on the affected systems and run scripts in the security context of the current user, according to Microsoft’s advisory on the bug. XSS occurs when malicious parties inject client-side scripts into web pages, which trick the unsuspecting user’s browser into thinking that the script came from a trusted source. In this case, the computing giant said that the issue exists in the way Microsoft Outlook for Android software parses specifically crafted email messages – thus, an attacker could exploit the vulnerability by sending just such an email. Czech firm Cybersecurity Help said in a posting this week that the problem was an “Improper Neutralization of Input During Web Page Generation” problem that exists due to insufficient sanitization of user-supplied data. The adversary would need to be authenticated to the same network as the potential victim in order to carry out an attack, Microsoft said. A write-up by Symantec said that an attacker can exploit this issue to conduct spoofing attacks, while Cybersecurity Help added that an attacker could “steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.” Users should ensure that they have the latest version of the app, and update it manually if they haven’t received an auto-update. Beyond installing that update, Symantec also noted that mitigation includes running the software as a nonprivileged user with minimal access rights. Researcher Rafael Pablos was credited with finding the bug, which Microsoft rates as “important” in severity. It’s listed as having a 5.6 out of 10 severity rating on the CVSS v.3 vulnerability rating scale. Source
×
×
  • Create New...