How ZeroCMS Could Have Avoided Cross-Site Scripting Vulnerability CVE-2014-4710

My job as a Vulnerability Signature Engineer with Qualys means that I try out various proofs of concept (PoCs) for different vulnerabilities, and add false-positive-free detections for them to the QualysGuard scanner. It’s fun to dig into the mechanics of the vulnerabilities, but sometimes it’s the implications of the vulnerabilities that are the more interesting part. Such is the case with the vulnerability I found in ZeroCMS, a very simple Content Management System built using PHP and MySQL, written by Perez Karjee.
