Thread: Vulnerable Script on SBI?

  1. #1
    Renk's Avatar

    Vulnerable Script on SBI?

    On my browser I have the addon Retire-js, whose purpose is to detect vulnerable js libraries on sites.

    On SBI, this addon informs me it has found a vulnerable script:
    VulnScrptSBI.jpg

    Here are this vulnerability's details:
    https://www.cvedetails.com/cve/CVE-2012-5883/
    Last edited by Renk; 11.02.19 at 19:29.

  3. #2
    Moderator
    Rebound's Avatar
    It's a false positive. We are using the fixed uploader.swf since the exploit was published. But thanks for the report anyway. :)



  5. #3
    Moderator anon's Avatar
    Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.
    Another reason not to have Flash Player installed, even if this vulnerability was first discovered eight years ago.
    "Come visit sometime, okay? We'll always be here for you. We... we all love you."