HP Security Bulletin HPSBUX03437 SSRT110025 1

HP Security Bulletin HPSBUX03437 SSRT110025 1 – A potential security vulnerability has been identified with HP-UX running HP-UX IPFilter. The vulnerability could be remotely exploited to cause a denial of service (DoS). Note: The vulnerability only exists when HP-UX IPFilter rules are configured for UDP protocol packets and the keep state option is used in that IPFilter rule. Revision 1 of this advisory.

Debian Security Advisory 3482-1

Debian Linux Security Advisory 3482-1 – An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted LWP file.

EBAY Bugbounty: Persistent DOM Based XSS on ebay.com

Posted by Alexander Korznikov on Feb 18

Hello all,

Description: Persistent DOM based Cross Site Scripting on ebay.com domain.
Disclosed to Ebay: January 2015
Fixed: February 2016
Vulnerability location: Every listing
Who is able to create: Sellers

Same origin policy bypass via postMessage

Write-up:
http://www.korznikov.com/2016/02/persistent-stored-dom-xss-on-ebaycom.html

Proof of Concept:

This code is inserted into the listing to pop up an alert on the ebay.com domain.

<script>…

CVE-2016-2046 Cross Site Scripting in Sophos UTM 9

Posted by Mike Lisi on Feb 18

-------
Vendor:
-------
Sophos (https://www.sophos.com)

---------------------------
Affected Products/Versions:
---------------------------
Product: Sophos UTM 9
Version: 9.350-12 with pattern version 92405 (potentially lower)

------------
Description:
------------
Title: Cross-site Scripting (XSS) in Sophos UTM 9
CVE: CVE-2016-2046
Researcher: Mike Lisi – HALOCK Security Labs (@MikeHacksThings)

A…

Umbraco – The open source ASP.NET CMS Multiple Vulnerabilities

Posted by Sandeep Kamble on Feb 18

Recently I got an assignment where I had to work on the Umbraco application
– a free Open Source Content Management System built on the ASP.NET
platform and used by more than 2,25,000 websites. While performing the
security testing of this application, I discovered serious vulnerabilities
within this application, allowing to perform SSRF…