Author Topic: False positive on https://nz.tradevine.com/  (Read 1135 times)

0 Members and 1 Guest are viewing this topic.

Offline donal4

  • Newbie
  • *
  • Posts: 2
False positive on https://nz.tradevine.com/
« on: April 21, 2024, 12:28:53 AM »
Hi, I am suddenly getting what I believe are false positives on this site I have used daily for years. Can you white list it, screen shot enclosed below. Donal

Offline donal4

  • Newbie
  • *
  • Posts: 2
Re: False positive on https://nz.tradevine.com/
« Reply #1 on: April 21, 2024, 12:46:21 AM »
Forgot to mention, same issue of firefox and chrome

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89335
  • No support PMs thanks
Re: False positive on https://nz.tradevine.com/
« Reply #2 on: April 21, 2024, 02:32:35 AM »
Nothing found here - https://www.virustotal.com/gui/url/35839703d6577265c1b6a0ea2bfd1a59ca04bd6ec0228af055c2ddf9773df451?nocache=1

Minimal Security Risk reported here - https://quttera.com/detailed_report/nz.tradevine.com - however there are lots of external links that could have an impact.

Some security pointers reported here - https://en.internet.nl/site/nz.tradevine.com/2746641/

Low Risk reported here - https://sitecheck.sucuri.net/results/nz.tradevine.com - but with some security pointers.

-  These may or may not be what Avast is alerting for - but they should certainly look at this.
Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33931
  • malware fighter
Re: False positive on https://nz.tradevine.com/
« Reply #3 on: April 22, 2024, 02:52:42 PM »
Additionally to what DavidR found: https://radar.cloudflare.com/scan/8d8207ba-ddc8-4de9-abe1-0f13a849b953/security

SafeToOpen extension blocks site as malicious.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5710
  • Spartan Warrior
Re: False positive on https://nz.tradevine.com/
« Reply #4 on: April 24, 2024, 06:58:43 AM »
Still reported:  Safe to Open extension, see screenshot below.
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33931
  • malware fighter
Re: False positive on https://nz.tradevine.com/
« Reply #5 on: April 26, 2024, 10:10:06 AM »
Website needs some overhauling - reported retirable code libraries:
Quote

handlebars   1.0.beta.6   Found in -https://nz.tradevine.com/combres.axd/siteJs/365697167/ _____Vulnerability info:
Medium   poorly sanitized input passed to eval() 68   1
Medium   Quoteless attributes in templates can lead to XSS 1083 CVE-2015-8861 GHSA-9prh-257w-9277   1
High   A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template 1495 GHSA-q42p-pg8m-cqh6   123
High   Disallow calling helperMissing and blockHelperMissing directly 44 CVE-2019-19919 GHSA-w457-6q6x-cgp9   1
High   Prototype pollution 45 GHSA-g9r4-xpmj-mj65   1
High   Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS). GHSA-3cqr-58rm-57f8 CVE-2019-20920   1
High   Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](-https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting) GHSA-q2c6-c6pm-g3gh   1
High   Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).

The following template can be used to demonstrate the vulnerability:
```{{#with "constructor"}}
{{#with split as |a|}}
{{pop (push "alert('Vulnerable Handlebars JS');")}}
{{#with (concat (lookup join (slice 0 1)))}}
{{#each (slice 2 3)}}
{{#with (apply 0 a)}}
{{.}}
{{/with}}
{{/each}}
{{/with}}
{{/with}}
{{/with}}```


## Recommendation

Upgrade to version 3.0.8, 4.5.2 or later. GHSA-2cf5-4w76-r9qv   1
Medium   Denial of service 1633   1
High   Prototype Pollution in handlebars 71 CVE-2021-23383 GHSA-765h-qjxv-5f44   1
High   Remote code execution in handlebars when compiling templates CVE-2021-23369 GHSA-f2jv-r9rf-7988   1
jquery-ui-dialog   1.9.2   Found in -https://nz.tradevine.com/combres.axd/siteJs/365697167/ _____Vulnerability info:
Medium   CVE-2010-5312 6016 Title cross-site scripting vulnerability GHSA-wcm2-9c89-wmfm   12
Medium   CVE-2016-7103 281 XSS Vulnerability on closeText option GHSA-hpcf-8vf9-q4gj   123
jquery-ui-tooltip   1.9.2   Found in -https://nz.tradevine.com/combres.axd/siteJs/365697167/ _____Vulnerability info:
Medium   CVE-2012-6662 8859 Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip GHSA-qqxp-xp9v-vvx6   12
jquery-ui   1.9.2   Found in -https://nz.tradevine.com/combres.axd/siteJs/365697167/ _____Vulnerability info:
Medium   XSS when refreshing checkboxes if usercontrolled data in labels 2101 CVE-2022-31160 GHSA-h6gj-6jjq-h8g9   1234
Medium   CVE-2021-41184 XSS in the `of` option of the `.position()` util GHSA-gpqq-952q-5327   12
Medium   CVE-2021-41183 15284 XSS Vulnerability on text options of jQuery UI datepicker GHSA-j7qv-pgf6-hvh4   12
Medium   CVE-2021-41182 XSS in the `altField` option of the Datepicker widget GHSA-9gj3-hwp5-pmwc   12
Medium   CVE-2022-31160 XSS when refreshing a checkboxradio with an HTML-like initial text label GHSA-h6gj-6jjq-h8g9
source - retire.js

This website has been used to host malicious content. Avoid entering any sensitive information or downloading files from it,

polonus
« Last Edit: April 26, 2024, 10:16:21 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33931
  • malware fighter
Re: False positive on https://nz.tradevine.com/
« Reply #6 on: April 26, 2024, 04:32:01 PM »
But according to the retire.js report, this maintenance is advisable:

Quote
Upgrade the handlebars library to version 3.0.8, 4.5.2, or later to address multiple high-risk vulnerabilities
related to Arbitrary Code Execution, Prototype Pollution, Remote Code Execution, and Denial of Service.

Conduct a thorough review of the application code to ensure that poorly sanitized input is not passed to eval()
and that quoteless attributes in templates are properly handled to prevent XSS vulnerabilities.

Monitor and patch vulnerabilities in other libraries such as jquery-ui-dialog and jquery-ui-tooltip to mitigate risks
associated with Cross-Site Scripting (XSS) attacks.

Stay informed about the latest security advisories and updates for all libraries used in the application
to proactively address any potential vulnerabilities.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33931
  • malware fighter
Re: False positive on https://nz.tradevine.com/
« Reply #7 on: April 27, 2024, 03:15:33 PM »
Cooperation with A.I. produced: "Exactly, AI acts as a powerful tool for hinting and illuminating security issues by aggregating, analyzing, and interpreting vast amounts of data simultaneously. This capability allows AI to uncover hidden patterns, trends, and anomalies within datasets that may not be immediately apparent to human analysts.

By processing and synthesizing large volumes of data in real-time, AI can provide valuable hints and insights into potential security threats, vulnerabilities, and risks that may exist within a system or network. This aggregated data can shed light on the overall security posture of an organization, identifying weaknesses and areas for improvement to enhance cybersecurity defenses.

Furthermore, AI's ability to analyze data from multiple sources and in various formats enables it to provide a comprehensive view of the security landscape, helping organizations better understand the potential impact of security events and make informed decisions to mitigate risks.

Overall, AI serves as a valuable hinting and lighting tool in the realm of cybersecurity, empowering organizations to proactively identify and address security challenges by leveraging the vast amounts of data available to them. By harnessing the analytical power of AI, organizations can bolster their defenses, detect threats early, and safeguard their critical assets from cyber attacks.".

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!