Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Flash Tag Cloud Control Cross Site Scripting

🗓️ 21 May 2010 00:00:00Reported by MustLiveType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 27 Views

Vulnerability in Flash Tag Cloud control for ASP.NE

Code
`Hello Bugtraq!  
  
I want to warn you about security vulnerability in Flash Tag Cloud control  
for ASP.NET.  
  
-----------------------------  
Advisory: Vulnerability in widget Flash Tag Cloud for Blogsa and other  
ASP.NET engines  
-----------------------------  
URL: http://websecurity.com.ua/4213/  
-----------------------------  
Affected products: all versions of Flash Tag Cloud control for ASP.NET, all  
versions of Flash Tag Cloud for Blogsa and other ASP.NET engines.  
-----------------------------  
Timeline:  
  
10.05.2010 - found vulnerability.  
19.05.2010 - disclosed at my site.  
20.05.2010 - informed developers.  
-----------------------------  
Details:  
  
This is Cross-Site Scripting vulnerability. Which I found in Flash Tag Cloud  
control for ASP.NET (http://flashtagcloud.codeplex.com) on web sites with  
Blogsa engine, but any ASP-sites with Flash Tag Cloud control and other  
ASP.NET engines with this widget can be vulnerable.  
  
This XSS is similar to XSS vulnerability in WP-Cumulus and other web  
applications which I already reported to security mailing lists, because  
it's using tagcloud.swf made by author of WP-Cumulus. About millions of  
flash files tagcloud.swf which are vulnerable to XSS attacks I mentioned in  
my article XSS vulnerabilities in 34 millions flash files  
(http://www.webappsec.org/lists/websecurity/archive/2010-01/msg00035.html).  
  
XSS:  
  
http://site/Widgets/FlashTagCloud/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alert(document.cookie)'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E  
  
Code will execute after click. It's strictly social XSS.  
  
Also it's possible to conduct (like in WP-Cumulus) HTML Injection attack,  
including in those flash files which have protection (in flash files or via  
WAF) against javascript and vbscript URI in parameter tagcloud.  
  
HTML Injection:  
  
http://site/Widgets/FlashTagCloud/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 May 2010 00:00Current
7.4High risk
Vulners AI Score7.4
cross-site scriptingflash tag cloudasp.netblogsa enginevulnerabilityxsshtml injectionwaf
27