Every so often we publish advisories about vulnerabilities we identify in open source web applications while testing the Netsparker security scanning engine. For example, this year we have already published an advisory about a cross-site scripting vulnerability in MailPoet, a popular WordPress plugin that is installed on more than 300,000 websites, and an advisory about an HTTP header injection in the LiteSpeed web server, which powers 2% of the websites on the internet. We got pretty excited about the LiteSpeed vulnerability, because it is a vulnerability in the web server software itself and not in a web application.

All Vulnerabilities Are Identified Automatically

Both of the above vulnerabilities, and all those documented in the advisories we have published over the years, were identified automatically with our scanning engine, which is used in both of our web application security scanners, Netsparker Desktop and Netsparker Cloud. Since 2011 we have scanned 396 open source web applications. The scanners identified 269 vulnerabilities, and we published 114 advisories about the zero-day ones. 32 of the advisories include details about multiple vulnerabilities. According to the statistics above, around 30% of
