XSS flaws allow hackers to inject malicious code into websites to steal user data or hijack functions.

The XSS flaw was reported to the vendor on Nov. 2, 2018.

The vendor responded on Dec. 7 and acknowledged the issue.

The vendor’s next update did not come until Jan. 3.

In the meantime, Red Hat has released a critical update for the product.

The vendor released a fixed version of the product on Jan. 9.

Red Hat has released a critical update for the product. Thus, Red Hat users now have a patched version of Syncovery 9.

Syncovery 9 is no longer a recommended product for Red Hat Enterprise Linux 7.

Syncovery 9.0.2

On Dec. 14, 2018, the vendor released a patch for Syncovery 9.
The vendor’s next update did not come until Jan. 3, 2019, when it released a fixed version of the product.
In the meantime, Red Hat released a critical update for the product in early December 2018 and recommended that Red Hat Enterprise Linux 7 users disable Syncovery 9 on their systems because of security issues in the previous release of Syncovery 9 and the CVE-2022-36533 vulnerability fixed by this release of Syncovery 9.

Red Hat Syncovery 9

Red Hat has released a critical update for the product. Syncovery 9 is no longer a recommended product for Red Hat Enterprise Linux 7.

The anatomy of a Syncovery flaw

This is a detailed explanation of the timeline for a Syncovery flaw.

On November 2, 2018, an XSS flaw was found and reported to the vendor.

The vendor acknowledged the issue on December 7.

The vendor did not release a fixed version until January 3.
In the meantime, Red Hat released a critical update for their product.
The vendor released an updated version of the product on January 9.
Red Hat has now released a critical update for their product. Thus, Red Hat users now have a patched version of Syncovery 9.

How do you protect against XSS?

This is a difficult question to answer because there are many different ways to prevent XSS. For example, you can use a Content Security Policy (CSP) to restrict the sources from which a page may load scripts and other resources.

Another option is to install a browser extension like uBlock Origin.
You can also configure your web server and application firewall to protect against XSS attacks.
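
The CSP approach mentioned above, as an added Python example that is not from the original page, the vendor or Red Hat: it audits a Content-Security-Policy value for settings that weaken it against XSS and builds a response that pairs a nonce-based policy with HTML-escaped output. The function names, the `/app.js` path and the sample policy are assumptions made for illustration.

```python
import html
import secrets

# script-src values that let injected markup execute despite a CSP being present.
WEAK_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(policy):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        # Browsers honour only the first occurrence of a directive.
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def audit_csp(policy):
    """Return findings that weaken the policy as an XSS mitigation."""
    d = parse_csp(policy)
    findings = []
    script_src = d.get("script-src", d.get("default-src"))  # fallback rule
    if script_src is None:
        findings.append("no script-src or default-src: scripts are unrestricted")
    else:
        pinned = any(s.startswith(NONCE_OR_HASH) for s in script_src)
        for s in script_src:
            if s == "'unsafe-inline'" and pinned:
                continue  # ignored by browsers when a nonce or hash is present
            if s.lower() in WEAK_SOURCES:
                findings.append(f"script source {s} allows injected script")
    if "object-src" not in d and "default-src" not in d:
        findings.append("object-src not restricted")
    if "base-uri" not in d:  # base-uri does not fall back to default-src
        findings.append("base-uri not restricted")
    return findings

def build_response(user_text):
    """Hardened response: fresh nonce per response plus output encoding."""
    nonce = secrets.token_urlsafe(16)
    policy = (f"default-src 'self'; script-src 'nonce-{nonce}'; "
              "object-src 'none'; base-uri 'none'")
    body = (f"<p>Search: {html.escape(user_text)}</p>"
            f'<script nonce="{nonce}" src="/app.js"></script>')
    return {"Content-Security-Policy": policy}, body

if __name__ == "__main__":
    weak = "default-src *; script-src 'self' 'unsafe-inline'"  # constructed sample
    print(audit_csp(weak))
    print(build_response("<b>constructed input</b>"))
```

The policy only limits what the browser will execute; escaping untrusted text on output remains the primary fix, which is why `build_response` does both.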

Timeline

Published on: 09/16/2022 03:15:00 UTC
Last modified on: 09/17/2022 02:30:00 UTC

References