Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormOnur YILMAZPACKETSTORM:133555
HistorySep 10, 2015 - 12:00 a.m.

DataTables 1.10.8 Cross Site Scripting

2015-09-1000:00:00
Onur YILMAZ
packetstormsecurity.com
33

EPSS

0.002

Percentile

59.6%

JSON
`Information  
--------------------  
Advisory by Netsparker.  
Name: XSS Vulnerability in DataTables  
Affected Software : DataTables  
Affected Versions : 1.10.8 and possibly below  
Vendor Homepage : https://github.com/DataTables/DataTables  
Vulnerability Type : Cross-site Scripting  
Severity : Important  
Status : Fixed  
CVE-ID : CVE-2015-6584  
Netsparker Advisory Reference : NS-15-014  
  
Description  
--------------------  
By exploiting a Cross-site scripting vulnerability the attacker can  
hijack a logged in user’s session. This means that the malicious  
hacker can change the logged in user’s password and invalidate the  
session of the victim while the hacker maintains access. As seen from  
the XSS example in this article, if a web application is vulnerable to  
cross-site scripting and the administrator’s session is hijacked, the  
malicious hacker exploiting the vulnerability will have full admin  
privileges on that web application.  
  
Technical Details  
--------------------  
Proof of Concept URL for XSS in DataTables:  
  
Page: 6776.php  
Parameter Name: scripts  
Parameter Type: GET  
Attack Pattern:  
http://example.com/DataTables-master/media/unit_testing/templates/6776.php?scripts='"--></style></scRipt><scRipt>alert(0x00807E)</scRipt>  
  
For more information on cross-site scripting (XSS) vulnerabilities  
read the following article:  
https://www.netsparker.com/web-vulnerability-scanner/vulnerability-security-checks-index/cross-site-scripting-xss/  
  
Advisory Timeline  
--------------------  
04/09/2015 - First Contact  
08/09/2015 - Vendor Fixed  
09/09/2015 - Advisory Released  
  
Credits & Authors  
--------------------  
These issues have been discovered by Onur Yilmaz while testing  
Netsparker Web Application Security Scanner  
(https://www.netsparker.com).  
  
About Netsparker  
--------------------  
Netsparker finds and reports security flaws and vulnerabilities such  
as SQL Injection and Cross-site Scripting (XSS) in all websites and  
web applications regardless of the platform and the technology they  
are built on. Netsparker's unique detection and exploitation  
techniques allow it to be dead accurate in reporting vulnerabilities,  
hence it is the first and only False Positive Free web application  
security scanner.  
  
--   
Onur Yılmaz - National General Manager  
  
Netsparker Web Application Security Scanner  
T: +90 (0)554 873 0482  
  
  
`

Related

ubuntucve 1
debiancve 1
prion 1
github 1
nodejs 1
cvelist 1
cve 1
nvd 1
securityvulns 2
osv 1
ics 1
ubuntucve
ubuntucve
CVE-2015-6584
2015-09-11 00:00:00
debiancve
debiancve
CVE-2015-6584
2015-09-11 15:59:00
prion
prion
Cross site scripting
2015-09-11 15:59:00
github
github
DataTable Vulnerable to Cross-Site Scripting
2020-08-31 22:42:29
nodejs
nodejs
Cross-Site Scripting
2015-10-17 19:41:46
cvelist
cvelist
CVE-2015-6584
2015-09-11 15:00:00
cve
cve
CVE-2015-6584
2015-09-11 15:59:00
nvd
nvd
CVE-2015-6584
2015-09-11 15:59:00
securityvulns
securityvulns
DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584
2015-10-26 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-10-26 00:00:00
osv
osv
DataTable Vulnerable to Cross-Site Scripting
2020-08-31 22:42:29
ics
ics
Hitachi Energy MSM Product
2022-08-30 12:00:00

EPSS

0.002

Percentile

59.6%

JSON
Related for PACKETSTORM:133555
ubuntucve1debiancve1prion1github1nodejs1cvelist1cve1nvd1securityvulns2osv1ics1