{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/anti-targeted-attack-platform/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:fedoralovespython:lxml_html_clean:*:*:*:*:*:python:*:*"],"_cs_cves":[{"cvss":6.1,"id":"CVE-2026-28348"},{"cvss":6.1,"id":"CVE-2026-28350"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Anti Targeted Attack Platform"],"_cs_severities":["medium"],"_cs_tags":["xss","vulnerability","web-application"],"_cs_type":"advisory","_cs_vendors":["Kaspersky"],"content_html":"\u003cp\u003eMultiple vulnerabilities have been discovered in Kaspersky Anti Targeted Attack Platform. These vulnerabilities, tracked as CVE-2026-28348 and CVE-2026-28350, can be exploited to perform a remote cross-site scripting (XSS) attack. This impacts versions of Kaspersky Anti Targeted Attack Platform prior to 7.1.7. Exploitation of these vulnerabilities allows an attacker to inject malicious scripts into the web pages viewed by other users. A successful XSS attack can lead to session hijacking, defacement of websites, or redirection of users to malicious sites.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable endpoint within the Kaspersky Anti Targeted Attack Platform web application. This endpoint accepts user-controlled input without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious URL or injects malicious code into a form field that will be processed by the vulnerable endpoint. 
This malicious code includes JavaScript or other client-side scripting languages.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers the crafted URL to a victim user, typically through phishing, social engineering, or by injecting the link into another part of the application.\u003c/li\u003e\n\u003cli\u003eThe victim user clicks on the malicious link or interacts with the injected form.\u003c/li\u003e\n\u003cli\u003eThe vulnerable endpoint processes the attacker-supplied input and embeds it into the HTML response without proper encoding or sanitization.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s web browser renders the HTML response, executing the attacker\u0026rsquo;s injected script.\u003c/li\u003e\n\u003cli\u003eThe injected script executes within the security context of the victim\u0026rsquo;s browser, allowing the attacker to access cookies, session tokens, and other sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen information to hijack the victim\u0026rsquo;s session, deface the web application, or redirect the victim to a malicious website.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these XSS vulnerabilities (CVE-2026-28348, CVE-2026-28350) in Kaspersky Anti Targeted Attack Platform can lead to unauthorized access to sensitive data, including user credentials and internal system information. The impact ranges from defacement to complete account takeover. Since the vulnerability exists in a security product, successful exploitation severely undermines the security posture of affected organizations. 
The number of potential victims depends on the user base of the affected Kaspersky Anti Targeted Attack Platform installations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Kaspersky Anti Targeted Attack Platform to version 7.1.7 or later to remediate CVE-2026-28348 and CVE-2026-28350 (see Kaspersky Security Bulletin 12430#260526).\u003c/li\u003e\n\u003cli\u003eImplement a Web Application Firewall (WAF) with rules to detect and block common XSS attack patterns targeting the Kaspersky Anti Targeted Attack Platform web interface.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, consider implementing input validation and output encoding on the Kaspersky Anti Targeted Attack Platform web interface as a temporary mitigation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-27T14:31:49Z","date_published":"2026-05-27T14:31:49Z","id":"https://feed.craftedsignal.io/briefs/2026-05-kaspersky-ata-xss/","summary":"Multiple vulnerabilities, tracked as CVE-2026-28348 and CVE-2026-28350, have been discovered in Kaspersky Anti Targeted Attack Platform versions prior to 7.1.7, allowing an attacker to perform a remote cross-site scripting (XSS) attack.","title":"Kaspersky Anti Targeted Attack Platform Multiple XSS Vulnerabilities","url":"https://feed.craftedsignal.io/briefs/2026-05-kaspersky-ata-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Anti Targeted Attack Platform","version":"https://jsonfeed.org/version/1.1"}