Y! Toolbar Cross Site Scripting

2014.01.16
Credit: D
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CVE-2013-6853: Stored XSS via Code Injection in Y! Toolbar DOM for FireFox on MAC Version 3.1.0.20130813024103 and Windows Version 2.5.9.2013418100420. Published January 14, 2014 on XSS.Cx by Hoyt LLC Summary: A local Stored XSS via Code Injection in Y! Toolbar DOM for FireFox on MAC Version 3.1.0.20130813024103 and Windows Version 2.5.9.2013418100420 allows remote attackers to inject arbitrary Javascript into the Yahoo Toolbar for Firefox on MAC, Version 3.1.0.20130813024103 via AddBMToolbar : function(domBuilder). Report URL: http://xss.cx/2014/01/14/mov/cve-2013-6853-stored-xss-via-local-file-inclusion-yahoo-toolbar-version-3x-javascript-injection-poc/index.html Cheers! - -D -----BEGIN PGP SIGNATURE----- Version: 10.2.0.2526 wsBVAwUBUtZ/hHz+WcLIygj0AQiqowf8Cr/oHbnVurNR8LtsZGmt/X/FM4K/MHkL bBKBllEtWpYZZXg76DmM0qYrvbzXk3dYN8i04OA2FXPJEZguoEQVBqgwzfmfeEHP b+cOsgR/+MJ/1iQ0q6RcXrghYXmyjSmzxXcGF7wsVSOtLmnrSbAxx+/VJiknCRRC Y0H0Tbc1HB5kPjQu0Fax1+PCbMRspAFiMBpV0ZDvhnDNaMgkhUMVhI8489aLnwxt qHGCXMvw9eSJkzE4Du82LbYNQbgtrffj+mwWEwFMeuB1euBMklvo/QdLp7Bcn49g R5/Eyh+LbRzD5NB3BL2QTm1jW7SYCAKvtd7H/GJWoKgj+joNG/N9Lg== =mH1u -----END PGP SIGNATURE-----

References:

http://xss.cx/2014/01/14/mov/cve-2013-6853-stored-xss-via-local-file-inclusion-yahoo-toolbar-version-3x-javascript-injection-poc/index.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top