#crosssite

[solved] Facebook SDK returned an error: Cross-site request forgery validation failed. The \state\ param from the URL and session do not match

Cross-site request forgery (CSRF) is a type of attack where a malicious website, email, or other communication forces a user’s web browser to perform unwanted actions on a trusted site where the user is logged in. This can lead to unauthorized actions being taken on the user’s behalf without their consent. In the context of the error message you have received, it indicates that there is a…

Fortinet has released patches for a high-severity cross-site scripting (XSS) vulnerability impacting multiple FortiOS and FortiProxy versions. Tracked as CVE-2023-29183 (CVSS score of 7.3), the security defect is described as an “improper neutralization of input during web page generation”. Successful exploitation of the bug, Fortinet explains in an advisory, may allow an authenticated attacker…

XSS-Scanner - XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts

Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The scanner gets a link from the user and scan the website for XSS vulnerability by injecting malicious scripts at the input place. The injection happens in headless browser named…

WordPress WooCommerce XSS Vulnerability – Hijacking a Customer Account with a Crafted Image

Overview

The FortiGuard Labs team recently discovered a Cross-Site Scripting (XSS) vulnerability in WooCommerce. WooCommerce is an open-source eCommerce platform built on WordPress. According to BuiltWith statistics, WooCommerce is the No. 1 eCommerce platform, owning 22% of global market share in 2018.

This XSS vulnerability (CVE-2019-9168) exists in the zoom display of the Photoswipe…

Safari in iOS 11 introduces a new tracking prevention feature that’s meant to protect your privacy and make it harder for companies to track your browsing habits across multiple websites.

Disabling Cross-Site Tracking isn’t going to cut down on the number of ads that you see, but it will make it harder for advertisers to gather data about what you’ve been browsing to deliver targeted ads. Here’s…

Multiple XSS Vulnerabilities Discovered In IBM Infosphere BigInsights

Summary

Last year, I discovered and reported two Cross-Site Scripting (XSS) vulnerabilities in IBM’s Infosphere BigInsights. This week, IBM released a security bulletin which contains the fix for these vulnerabilities. CVE numbers CVE-2016-2924 and CVE-2016-2992 are assigned to them respectively.

InfoSphere BigInsights is an analytics platform for analyzing massive volumes of unconventional data…