XSS Vulnerabilities Found in Microsoft Azure Cloud Services

Published: 23/11/2024   Category: security




Microsoft quickly issued patches for the two security issues, which could allow unauthorized access to cloud sessions.



Two cloud security vulnerabilities — in Azure Bastion and Azure Container Registry — were found in Microsoft Azure's services, which allowed an attacker to achieve cross-site scripting (XSS) by using iframe-postMessages [and] allowed unauthorized access to the victim's session within the compromised Azure service iframe, according to Orca Security.
Orca notified the Microsoft Security Response Center (MSRC) immediately upon discovery of the bugs. MSRC was able to reproduce the issues after it was notified of the vulnerabilities' existence in order to patch and verify them.
Cross-site scripting (XSS) is an event in which a threat actor injects malicious scripts into a credible website, which users' browsers then execute unknowingly. At that point, this can lead to severe consequences, noted Orca Security, as threat actors can gain unauthorized access, compromise network systems, or even steal data.
"However, these vulnerabilities require a victim to be lured into visiting a compromised endpoint that the malicious actor controls," commented David Lindner, CISO at Contrast Security, in an emailed statement. "Should Microsoft fix this? Most likely, but I would not call these severe by any means. If anyone gets lured into an attacker-controlled endpoint, all bets are off anyway."
The fixes were automatic, so no further action is required from Azure users, but they may want to look for signs of compromise.
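The bug class named above, XSS delivered through iframe postMessage, is mitigated on the receiving side by checking who sent a message and by treating its payload strictly as data. The following is an added example, not code from Orca Security, Microsoft or the original article; the origin, message types and element id are constructed for illustration.

```javascript
// Added example: all origins, message types and element ids are constructed.
const ALLOWED_ORIGINS = new Set(["https://portal.example.com"]);

// Validate a MessageEvent-like object; return a typed action or a rejection.
function validateMessage(event, allowedOrigins = ALLOWED_ORIGINS) {
  // Exact-match the sender origin. Substring, prefix or regex checks are
  // the usual way look-alike hosts slip through.
  if (typeof event.origin !== "string" || !allowedOrigins.has(event.origin)) {
    return { ok: false, reason: "untrusted-origin" };
  }
  const data = event.data;
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { ok: false, reason: "bad-shape" };
  }
  // Accept only known message types with strictly typed fields.
  if (data.type === "status") {
    if (typeof data.text !== "string" || data.text.length > 200) {
      return { ok: false, reason: "bad-payload" };
    }
    return { ok: true, action: { type: "status", text: data.text } };
  }
  if (data.type === "resize") {
    if (!Number.isInteger(data.height) || data.height < 0 || data.height > 10000) {
      return { ok: false, reason: "bad-payload" };
    }
    return { ok: true, action: { type: "resize", height: data.height } };
  }
  return { ok: false, reason: "unknown-type" };
}

// Apply a validated action. Message text is written with textContent, so
// markup in it is displayed as text and never parsed as HTML.
function applyAction(action, el) {
  if (action.type === "status") {
    el.textContent = action.text;
  } else if (action.type === "resize") {
    el.style.height = `${action.height}px`;
  }
}

// Browser wiring (skipped outside a browser).
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    const result = validateMessage(event);
    if (result.ok) applyAction(result.action, document.getElementById("status"));
  });
}
```

Rejected messages can also be logged with their `reason` and `event.origin`, which gives defenders a signal when an unexpected window is posting into the frame.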
