Trustwave SpiderLabs published an advisory today in conjunction with Magnolia International Ltd. for multiple cross-site scripting vulnerabilities in the Magnolia CMS product. Magnolia CMS is an open-source, Java-based web content management system. The vulnerabilities, discovered by Michel Chamberland, are primarily due to several pages of the web application reflecting user-supplied data back without sanitizing it. In one instance, the input is also stored, which leads to stored cross-site scripting in addition to the reflected payload. These cross-site scripting vulnerabilities allow an attacker to inject malicious scripts, via a URL or otherwise, that will ultimately be executed in the victim's web browser.
Affected users can patch these vulnerabilities by upgrading to the latest versions of Magnolia CMS, which can be found here:
5.4.5 - See https://documentation.magnolia-cms.com/display/DOCS/Release+notes+for+Magnolia+5.4.5
5.3.14 - See https://documentation.magnolia-cms.com/display/DOCS53/Release+notes+for+Magnolia+5.3.14
5.2.12 - See https://documentation.magnolia-cms.com/display/DOCS53/Release+notes+for+Magnolia+5.2.12
4.5.28 - See https://documentation.magnolia-cms.com/display/DOCS45/Release+notes+for+Magnolia+4.5.28
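To check an inventory of Magnolia instances against the fixed releases listed above, the following added example (not part of the advisory or of Magnolia's own tooling) compares each version with the fixed release for its maintenance branch. The host names and versions in SAMPLE are constructed, and the function names are hypothetical; branches the list does not name are reported as "unlisted" rather than guessed at.

```python
import re

# Fixed release per maintenance branch, taken from the upgrade list above.
FIXED = {(5, 4): 5, (5, 3): 14, (5, 2): 12, (4, 5): 28}


def triage(version):
    """Classify one version string against the listed fixed releases.

    'upgrade'  - below the fixed release listed for its branch
    'fixed'    - at or above the fixed release listed for its branch
    'unlisted' - branch is not named in the list, so no conclusion is drawn
    'unparsed' - not a plain x.y or x.y.z version (qualifiers need manual review)
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        return "unparsed"
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unlisted"
    return "fixed" if patch >= fixed_patch else "upgrade"


def report(inventory):
    """Group host names by triage result; inventory maps host -> version."""
    out = {"upgrade": [], "fixed": [], "unlisted": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        out[triage(version)].append(host)
    return out


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "cms-author-01": "5.4.4",
    "cms-public-01": "5.4.5",
    "cms-legacy": "4.5.27",
    "cms-intranet": "5.3.14",
    "cms-old": "4.4.6",
    "cms-dev": "5.4.5-SNAPSHOT",
}

if __name__ == "__main__":
    for status, hosts in report(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```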
For more details regarding this advisory please visit:
Trustwave's SpiderLabs Advisory (TWSL2016-004): TWSL2016-004