Security Bulletins and Advisories / Cross-site Scripting

by Daniel Wood, on Jan 22, 2020 4:00:00 AM

INTRODUCTION Bishop Fox takes security seriously. In accordance with our Vulnerability Disclosure Policy, we follow the industry-standard responsible disclosure process. At the expiration of this time window, we disclose discovered …

Vulnerabilities: Sensitive Information Disclosure, Cross-site Scripting, Cross-site Request Forgery, Remote Code Execution, Cross-Origin Resource Sharing, User Enumeration, Missing Security Headers, Insecure Cookie Scope

by Chris Davis, on Dec 30, 2019 10:26:22 AM

ADVISORY SUMMARY The following document describes identified vulnerabilities in the Big Monitoring Fabric application. Two high-risk vulnerabilities were found within the application. Impact Successful exploitation of the cross-site scripting (XSS) …

Vulnerabilities: Sensitive Information Disclosure, Cross-site Scripting

by Chris Davis, on Dec 9, 2019 7:00:00 AM

ADVISORY SUMMARY Nine vulnerabilities were identified within the Solismed application. The following document describes identified vulnerabilities in the Solismed application version 3.3SP1. Product Vendor Product Name Affected Version* Intesync, LLC …

Vulnerabilities: Cross-site Scripting, Cross-site Request Forgery, Incorrect Access Controls, Insecure File Upload, SQL Injection, Insecure Cryptographic Storage, Clickjacking, Directory Traversal

by Chris Davis, on Sep 10, 2019 5:43:00 AM

ADVISORY SUMMARY OpenEMR is a widely used open source medical records management tool. The latest version at the time of this research was 5.0.1(6), older versions are believed but unconfirmed …

Vulnerabilities: Cross-site Scripting, Arbitrary Remote Code Execution

by Priyank Nigam, on Jul 25, 2019 11:22:55 AM

ADVISORY SUMMARY Dolibarr ERP & CRM is an open source and free software package that manages companies, freelancers, and foundations. The project’s official website is The latest version of …

Vulnerabilities: Cross-site Scripting, Remote Code Execution

by Chris Davis, on Mar 8, 2019 12:41:18 PM

Product Vendor Cantemo AB Product Description Cantemo AB is a software systems and technology vendor for major media outlets. The Cantemo Portal application is a high-performance media asset management tool …

Vulnerabilities: Stored Cross-site Scripting, Cross-site Scripting

by Zach Julian, on Jun 23, 2017 1:24:27 PM

Patch Date May 25, 2017 Reported Date February 23, 2017 Vendor ATMAIL Systems Affected atmail 7 Summary A stored XSS vulnerability was identified in the webmail component of atmail 7 …

Vulnerabilities: Cross-site Scripting

by Shubham Shah, on Sep 8, 2016 2:32:42 PM

Release Date Sept. 15, 2016 Patch Date Aug. 26, 2016 Reported Date May 21, 2016 Vendor Accellion Systems Affected Versions of the appliance prior to version kw2016.03.0. Summary Three vulnerabilities …

Vulnerabilities: Path Traversal, Cross-site Scripting, Incorrect Default Permissions

by Joe DeMesy, Shubham Shah, and Matthew Bryant, on Apr 8, 2016 5:00:21 AM

Patch Date March 21, 2016 Reported Date February 2016 Vendor Apple Systems Affected Messages (iMessage) on OS X <= 9.1 Summary Messages (iMessage) for OS X, a popular messaging platform …

Vulnerabilities: Cross-site Scripting

by Shubham Shah, on Aug 27, 2015 11:19:37 AM

Impact By gaining remote command execution on a machine running ColdFusion, an attacker can access the internal network, databases, sensitive files and credentials, and the application source code. This level …

Vulnerabilities: Cross-site Scripting

Vulnerability Disclosure Policy

Bishop Fox takes security issues very seriously. We believe in coordinated disclosure, and we work closely with vendors and clients to patch vulnerabilities promptly. More on our Disclosure Policy →
