Three XSS Bugs Can Cause Complete System Shutdown


What is the bugs trio?

Security researchers have disclosed details of a trio of cross-site scripting (XSS) vulnerabilities in popular open-source applications that can be chained into remote code execution (RCE).

Researchers from PT Swarm found the security bugs in the web development applications Evolution CMS, FUDForum, and Gitbucket.

A basic XSS attack lets the threat actor's JavaScript code run in the victim user's web browser, which opens the door to cookie theft, redirects to a phishing site, and much more.

Cross-Site Scripting (XSS) is one of the most common attacks against web applications. When a threat actor gets JavaScript into the application's output, the result is not only stolen cookies: in some cases it leads to a complete compromise of the system. In this blog post, we'll try to understand how XSS-driven remote code execution is achieved, using Evolution CMS, FUDForum, and Gitbucket as examples.
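The common root of all three cases is server-side code that reflects request data into HTML without output encoding. The following is an added example, not code from the article or from any of the three projects: a constructed, minimal page renderer shown first in its vulnerable form (the parameter is interpolated verbatim) and then in a hardened form that encodes for the HTML context, together with a check a reviewer or test suite can run. The query strings and templates are constructed for illustration; the `security_headers` function returns a Content-Security-Policy that, as defence in depth, blocks inline script even if an encoding bug slips through.

```python
import html
from urllib.parse import parse_qs

# Constructed templates standing in for an admin search page; {term} is
# reflected user input in two different HTML contexts (element body and
# attribute value), which is exactly where reflected XSS occurs.
TEMPLATE_BODY = "<h1>Search results for: {term}</h1>"
TEMPLATE_ATTR = '<input name="q" value="{term}">'


def _term_from_query(query_string: str) -> str:
    """Return the 'q' parameter of a raw query string (empty if absent)."""
    return parse_qs(query_string).get("q", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """Vulnerable: reflects the parameter into HTML with no encoding."""
    term = _term_from_query(query_string)
    return TEMPLATE_BODY.format(term=term) + TEMPLATE_ATTR.format(term=term)


def render_hardened(query_string: str) -> str:
    """Hardened: HTML-encodes the value for both contexts.

    html.escape with quote=True converts < > & " and ', so the value can
    neither close the attribute nor start a new tag.
    """
    term = html.escape(_term_from_query(query_string), quote=True)
    return TEMPLATE_BODY.format(term=term) + TEMPLATE_ATTR.format(term=term)


def reflects_unencoded(page: str, term: str) -> bool:
    """Check used in review/tests: does dangerous input appear verbatim?

    Only input that carries HTML metacharacters matters; plain words are
    expected to appear as-is in both renderers.
    """
    has_meta = any(ch in term for ch in '<>"\'&')
    return has_meta and term in page


def security_headers() -> dict:
    """Defence in depth: a CSP that refuses inline script and external
    origins, so a missed encoding still cannot execute attacker script."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    probe = "q=<script>alert(1)</script>"  # constructed test input
    print("vulnerable :", render_vulnerable(probe))
    print("hardened   :", render_hardened(probe))
```

Run stand-alone it prints both renderings of the same probe; the hardened output shows the tag as literal text. The same `reflects_unencoded` check is what a regression test for a reflected-XSS fix should assert on, fed with inputs that contain angle brackets and quotes rather than only ordinary words.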

Evolution CMS v3.1.8

The first bug, in Evolution CMS v3.1.8, allows an attacker to launch a reflected XSS attack from several locations in the admin section. Aleksey Solovev says that, in the case of a successful attack on an administrator authorized in the system, the index.php file will be overwritten with the code that the attacker placed in the payload.

FUDForum v3.1.1

Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
