
Thread: Vulnerable Script on SBI?

  1. #1
    Renk (Advanced User)

    Vulnerable Script on SBI?

    On my browser I have the addon Retire-js, whose purpose is to detect vulnerable js libraries on sites.

    On SBI, this addon informs me it has found a vulnerable script:
    [Attached image: VulnScrptSBI.jpg]

    Here are this vulnerability's details:
    https://www.cvedetails.com/cve/CVE-2012-5883/
    Last edited by Renk; 11.02.19 at 20:29.

  3. #2
    Rebound (Moderator)
    It's a false positive. We are using the fixed uploader.swf since the exploit was published. But thanks for the report anyway. :)



  5. #3
    anon (Moderator)
    Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.
    Another reason not to have Flash Player installed, even if this vulnerability was first discovered eight years ago.
    "I just remembered something that happened a long time ago."
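
Added example, not part of the thread and not code from the site or from Retire.js: a scanner hit based on the YUI version range quoted above can be triaged by checking the SWF files the site actually serves against digests of the fixed builds. The function names, the verdict strings and the sample bytes and digests are constructed for illustration.

```python
import hashlib
import re

# Affected range as quoted in the thread: YUI 2.8.0 through 2.9.0.
AFFECTED_MIN, AFFECTED_MAX = (2, 8, 0), (2, 9, 0)


def parse_version(text):
    """Parse '2.9.0' or '2.8.0r4' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def triage(yui_version, served_swfs, patched_digests):
    """Classify a version-based scanner hit.

    served_swfs:     {file name: bytes actually served by the site}
    patched_digests: {file name: SHA-256 hex digest of the fixed build}
    Returns (verdict, files that could not be verified as fixed).
    """
    if not AFFECTED_MIN <= parse_version(yui_version) <= AFFECTED_MAX:
        return "not-affected", []
    unverified = sorted(
        name for name, blob in served_swfs.items()
        if hashlib.sha256(blob).hexdigest() != patched_digests.get(name)
    )
    # In range but every served SWF matches a fixed build (or none is served):
    # the version string alone triggered the alert.
    return ("needs-fix", unverified) if unverified else ("false-positive", [])


# Constructed sample data: stand-in bytes, not real SWF files or real digests.
FIXED_SWF = b"constructed stand-in for a fixed SWF build"
OLD_SWF = b"constructed stand-in for an unpatched SWF build"
PATCHED = {"uploader.swf": hashlib.sha256(FIXED_SWF).hexdigest()}

if __name__ == "__main__":
    print(triage("2.9.0", {"uploader.swf": FIXED_SWF}, PATCHED))
    print(triage("2.8.0r4", {"uploader.swf": OLD_SWF}, PATCHED))
    print(triage("2.9.0", {"uploader.swf": FIXED_SWF, "swfstore.swf": OLD_SWF}, PATCHED))
```

The third call shows why every served SWF is checked: a file with no known fixed digest keeps the finding open even when another file has been replaced.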