Cenzic Highlights Blog Technology Vulnerabilities

October 3, 2006
October 3, 2006 – (HOSTSEARCH.COM) – A recent report produced by Cenzic, Inc. (http://www.cenzic.com), a provider of automated application security assessment and compliance solutions, has highlighted a leading blog technology's vulnerability to attacks by hackers. Researchers at the Cenzic Intelligent Analysis (CIA) Lab have discovered a cross-site scripting vulnerability in Blojsom – a Java-based multi-blog software package – which could compromise a user's account.

Cross-site scripting occurs when commands executed in a user's browser display unintended content. This can be harnessed to steal users' login credentials and personal information, and ultimately make blog users victims of malicious attacks. Cenzic's findings have been submitted to CERT and verified by Bugtraq.

Although the Blojsom team has applied a fix, which is available in Blojsom 2.32, the announcement is a concern for a number of companies that have adopted this blog technology, including Apple Computer, which uses it for its OS X Server Weblog Server. Other popular blog technologies may also be vulnerable, the report said.

"Blojsom and other popular blog technologies have been identified by the CIA Lab for cross-site scripting vulnerabilities, which fortunately can be fixed relatively quickly," explained Ambarish Malpini, CTO of Cenzic. "Cenzic protects web applications not only against common threats such as these but also more serious threats such as phishing that could provide attackers access to confidential user information."
