Thursday, December 2, 2010

NoScript (2.0.5.1 < less): Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) Vulnerability

Users of NoScript (2.0.5.1 < less), please be advised that a Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) vulnerability has been identified.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
NoScript-SA-11/27/2010: NoScript (2.0.5.1 < less ) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI)
NoScript fails to detect the reflective XSS from trusted domains when an
attack is conducted through SQLXSSI. The bypass in NoScript has been
successfully conducted by using "Reflective XSS" through Union SQL
poisoning attacks by exploiting the reverted errors in the browser. The
attack string used to bypass is stated below
Read more at www.criticalwatch.com
 
