Embedding Javascript and HTML into Kibana 5.x

Reading this post: http://www.supermind.org/blog/1213/embed-custom-javascript-and-html-in-a-kibana-4-x-visualization Kelvin makes a really good suggestion... and very good inspiration. The suggestion works fine but in my case I needed it to go a step further - I needed to embed an iframe into Kibana. The iframe (and indeed any other <script> tag) was being filtered out by Angular's sanitization protection. I …

PaloAlto Captive Portal XSS Attack

PaloAlto has issued a patch for an XSS attack on the captive portal that I disclosed a few months back. The official advisory can be found here: https://securityadvisories.paloaltonetworks.com/Home/Detail/66 (Detail taken from https://securityadvisories.paloaltonetworks.com/) The attack has been given a CVSS score of 6.1: (Screenshot taken from IBM X-Force: https://exchange.xforce.ibmcloud.com/vulnerabilities/118524) Below follows the original report submitted to PaloAlto …