Yet Another Froala 0-Day XSS
Compass found a DOM-based cross-site scripting (XSS) in the Froala WYSIWYG HTML Editor. HTML code in the editor is not correctly sanitized when inserted into the DOM. This allows an attacker that can... mehr
Compass Security Schweiz AG
Werkstrasse 20
8645 Jona
Schweiz
Advisories
Compass Security employees regularly identify 0day security weaknesses in products, either during customer projects or during their research time. We report such vulnerabilities to the respective vendors and believe in coordinated disclosure, as long as the vendor acts in its and our clients’ best interests and provides us with regular and constructive feedback. If any of these conditions are not met, Compass Security might opt for full disclosure as defined in our Vulnerability Disclosure Policy.
Downloads
- CSNC-2019-023 Mailster - XSS (6 KB)
- CSNC-2020-004 Froala WYSIWYG HTML Editor - DOM XSS (12 KB)
- CSNC-2020-003 JEditor plugin for Jira - Stored Cross-Site Scripting (XSS) (4 KB)
- CSNC-2020-001 Windows Task Scheduler - Security Feature Bypass (5 KB)
- CSNC-2019-024 Abacus - Reflected Cross-Site Scripting (2 KB)
- CSNC-2019-025 Apache Olingo - XML External Entity Resolution (XXE) (5 KB)
- CSNC-2019-021 totemodata - Stored Cross-Site Scripting (7 KB)
- CVE-2019-5533 VeloCloud - Authorization Bypass (4 KB)
- CSNC-2019-022 Alibaba Druid - Anti SQL Injection Filter Bypass (3 KB)
- CSNC-2018-022 The Scheduler - XML External Entity (XXE) Attack (6 KB)
- CSNC-2018-030 MobileIron Email+ for iOS - Cleartext Storage (3 KB)
- CSNC-2019-004 Stonebranch - Local File Inclusion (3 KB)
- CSNC-2019-006 Stonebranch - CSRF XSS (2 KB)
- CSNC-2019-003 Router Vigor2960 - Reflected Cross-Site Scripting (XSS) (3 KB)
- CSNC-2018-36 Voyager - OS Command Injection (RCE) (3 KB)
- CSNC-2018-37 Voyager - Arbitrary File Upload (RCE) (4 KB)
- CSNC-2018-38 Voyager - Authorization Bypass (3 KB)
- CSNC-2018-39 Voyager - Privilege Escalation (5 KB)
- CSNC-2019-001 ZmartZone IAM - Reflected Cross-Site Scripting (XSS) Vulnerability (4 KB)
- CSNC-2019-002 Siemens SICAM Webinterface XXE DoS (6 KB)
- CSNC-2018-031 HADatAC - Remote code execution (4 KB)
- CSNC-2018-026 Abacus - Reflected Cross-Site Scription (3 KB)
- CSNC-2018-025 VMware AirWatch - Insufficient Data Protection (3 KB)
- CSNC-2018-024 IBM Notes Traveler - Reflected Cross-Site Scripting (4 KB)
- CSNC-2018-027 Monstra CMS - Path Traversal (2 KB)
- CSNC-2018-015 ownCloud Impersonation App - Authorization bypass (4 KB)
- CSNC-2018-023 Atmosphere - Reflected XSS (3 KB)
- CSNC-2018-016 ownCloud iOS Application - XSS (2 KB)
- CSNC-2018-020 OfficeSpace - Credentials in Source Code (2 KB)
- CSNC-2018-019 OfficeSpace - Anonymous File Download (2 KB)
- CSNC-2018-018 OfficeSpace - Arbitrary File Upload (3 KB)
- CSNC-2018-017 OfficeSpace - Stored XSS (3 KB)
- CSNC-2017-031 HomeMatic Incorrect Access Control (4 KB)
- CSNC-2018-021 Vert.x HTTP Header Injection (3 KB)
- CSNC-2018-013 ONELAN CMS Passwords in Source Code (2 KB)
- CSNC-2018-012 ONELAN CMS Cleartext Password (2 KB)
- CSNC-2018-011 ONELAN CSM Insufficient Authorization Checks (2 KB)
- CSNC-2018-010 ONELAN CMS Account Brute Force (2 KB)
- CSNC-2018-009 ONELAN CMS arbitrary File Upload (2 KB)
- CSNC-2018-008 ONELAN CMS JWT in GET Request (2 KB)
- CSNC-2018-007 ONELAN CMS CSRF (2 KB)
- CSNC-2018-006 ONELAN CMS stored XSS (3 KB)
- CSNC-2018-005 ONELAN CMS reflected XSS (3 KB)
- CSNC-2018-003 totemomail Encryption Gateway Cross-Site Request Forgery (6 KB)
- CSNC-2018-002 totemomail Encryption Gateway JSONP hijacking (5 KB)
- CVE-2016-6859 SAP Hybris Information Disclosure (3 KB)
- CSNC-2017-026 Microsoft Intune Preserved Keychain Entries (2 KB)
- CSNC-2017-027 Microsoft Intune App PIN Bypass (4 KB)
- CSNC-2018-001 Zimbra Stored XSS (3 KB)
- CSNC-2017-033 GitLab Self XSS (2 KB)
- CSNC-2017-030 MyTy Reflected XSS (4 KB)
- CSNC-2017-029 MyTy Blind SQL Injection (3 KB)
- CVE-2017-9096 iText XML External Entity Vulnerability (2 KB)
- CSNC-2017-023 Mongoose Network Library Bof (17 KB)
- CSNC-2017-012 Sunell Session ID Enumeration (5 KB)
- CSNC-2017-011 Sunell Stored XSS (4 KB)
- CSNC-2017-010 Sunell Reflected XSS (3 KB)
- CSNC-2017-013_pingid_reflected_xss (3 KB)
- CSNC-2017-004 Live Helper Chat (3 KB)
- CVE-2017-7185 Mongoose OS Use-after-free_update (9 KB)
- CSNC-2016-008 VMware AirWatch XSS (3 KB)
- CSNC-2016-006_ASP.NET Core 5-RC1 HTTP Header Injection (2 KB)
- CVE-2016-6856,6857,6858 SAP Hybris XSS (3 KB)
- CVE-2014-1237 i-doit - Cross-site Scripting (XSS) (2 KB)
- CSNC-2016-002 OpenAM Open Redirection (3 KB)
- CSNC-2016-001 OpenAM XSS (3 KB)
- CVE-2016-0955 Adobe Experience Manager AEM-XSS (3 KB)
- CSNC-2015-007 Netgear Router Firmware N300 Authentication Bypass (4 KB)
- CVE-2015-5372 AdNovum nevisAuth Autentication Bypass (4 KB)
- CVE-2015-3442 Soreco Xpert.Line Authentication Bypass (4 KB)
- CVE-2015-3443 Thycotic Secret Server XSS (3 KB)
- CSNC-2014-006 softring_xss (3 KB)
- CSNC-2014-005 softring_backdoor_account (4 KB)
- CSNC-2014-004 neuroML multiple-vulns (4 KB)
- CSNC-2013-018 SAP BusinessObjects Explorer XXE (4 KB)
- CSNC-2013-017 SAP BusinessObjects Explorer Cross-Site-Flashing (3 KB)
- CSNC-2013-016 SAP BusinessObjects Explorer Port-Scanning (3 KB)
- CSNC-2014-001 javaMail - SMTP Header Injection via method setSubject (10 KB)
- CVE-2014-1597 i-doit - SQL Injection (2 KB)
Compass Security Blog
Relaying NTLM authentication over RPC
Since a few years, we - as pentesters - (and probably bad guys as well) make use of NTLM relaying a lot for privilege escalation in Windows networks. In this article, we propose adding support for... mehr
CALENDAR
Security Training: Secure Mobile Apps
In the 2-day course (in German) from October 20/21, 2020, you will learn about the most important security problems of mobile apps. Read more
Security Training: Social Engineering
In the 2-day course (in German) from December 1/2, 2020, you will get to know and understand the methods, tools and tricks of social engineering. Read more
NEWS
Vulnerability in Mailster
Thierry Viaccoz identified an XSS vulnerability in Mailster (email newsletter plugin for WordPress). Read more
Secure Payments on th Internet
More and more goods and services are bought and paid on the internet. Ivan Bütler summarizes security relevant information on online shopping and... Read more
Vulnerability in Froala WYSIWYG HTML Editor
Security Analyst Emanuel Duss identified a DOM XSS vulnerability in the Froala WYSIWYG HTML Editor Read more