Katia

Security Vulnerability Scan Issue With

Hello

We conducted a security vulnerability scan of a web site currently developed using Fusion Charts, and the following vulnerability shows up for every swf.

"Fusion Charts - Content Spoofing / XSS

The software Fusion Charts utilizes the FlashVar "dataXML" to allow for dynamic data paths and settings within the generated charts or graphs. The parameter does not currently validate data passed via the "dataXML" and allows an attacker to alter any chart hosted within the current domain and include malicious javascript that will execute when a user interacts with the altered chart."

How can we fix this? Is there a patch or a workaround available?

This question seems similar to the one Michelle posted on November 2nd: Validation For Dataxml Parameter For Pie Swf Files.

Please advise.

Thanks!

Katia


Keep in mind it could be a false positive, but I would try contacting the vendor or developer just to be safe. You could try using another vulnerability scanner such as Sitewatch, which has a free XSS test.

 

I assure you this is not a false positive. It's a known vulnerability related to CVE-2008-6060 and is applicable to all Fusion products. As you can see it's a known issue since 2008.

 

http://web.nvd.nist....d=CVE-2008-6060
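
For triage while waiting on a vendor fix, the following added example (not part of the thread and not FusionCharts code) scans a web server access log for direct requests to a `.swf` file that carry a `dataXML` query parameter, which is how the finding quoted above says chart data can be supplied from outside. It assumes combined-format log lines and that the site's own pages do not pass `dataXML` in the SWF URL; the log lines, paths and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Matches the client address and request line of a common/combined format entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# "dataXML" is the FlashVar named in the scanner finding. Names are compared
# case-insensitively as a conservative detection choice (an assumption).
WATCHED_PARAMS = {"dataxml"}


def find_swf_dataxml_requests(lines):
    """Return one record per watched parameter seen on a direct .swf request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parsable access-log entry
        url = urlsplit(match.group("target"))
        if not url.path.lower().endswith(".swf"):
            continue  # only requests that load a chart SWF directly
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() in WATCHED_PARAMS:
                hits.append({
                    "line": number,
                    "client": match.group("ip"),
                    "swf": url.path,
                    "param": name,
                    "value": value,               # percent-decoded by parse_qsl
                    "has_markup": "<" in value,   # caller supplied inline XML
                })
    return hits


# Constructed sample entries (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2020:10:00:01 +0000] "GET /charts/Pie.swf HTTP/1.1" 200 51234',
    '198.51.100.7 - - [01/Jan/2020:10:00:02 +0000] "GET /charts/Pie.swf?dataXML=%3Cchart%20caption%3D%27constructed%27%2F%3E HTTP/1.1" 200 51234',
    '203.0.113.9 - - [01/Jan/2020:10:00:03 +0000] "GET /index.html?dataXML=x HTTP/1.1" 200 100',
    '203.0.113.9 - - [01/Jan/2020:10:00:04 +0000] "GET /charts/Column.SWF?debug=1&DATAXML=%3Cchart%2F%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in find_swf_dataxml_requests(SAMPLE_LOG):
        print(hit)
```

Entries it reports show which clients supplied their own chart data to a hosted SWF and which SWF files were targeted; they are candidates for review, not proof of a successful attack.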
