<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Anti Targeted Attack Platform — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/anti-targeted-attack-platform/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 27 May 2026 14:31:49 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/anti-targeted-attack-platform/feed.xml" rel="self" type="application/rss+xml"/><item><title>Kaspersky Anti Targeted Attack Platform Multiple XSS Vulnerabilities</title><link>https://feed.craftedsignal.io/briefs/2026-05-kaspersky-ata-xss/</link><pubDate>Wed, 27 May 2026 14:31:49 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-05-kaspersky-ata-xss/</guid><description>Multiple vulnerabilities have been discovered in Kaspersky Anti Targeted Attack Platform versions prior to 7.1.7, allowing a remote attacker to perform cross-site scripting (XSS) attacks. They are tracked as CVE-2026-28348 and CVE-2026-28350.</description><content:encoded><![CDATA[<p>Multiple vulnerabilities have been discovered in Kaspersky Anti Targeted Attack Platform. These vulnerabilities, tracked as CVE-2026-28348 and CVE-2026-28350, can be exploited to perform a remote cross-site scripting (XSS) attack. This impacts versions of Kaspersky Anti Targeted Attack Platform prior to 7.1.7. Exploitation of these vulnerabilities allows an attacker to inject malicious scripts into the web pages viewed by other users.
A successful XSS attack can lead to session hijacking, defacement of the web interface, or redirection of users to malicious sites.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>The attacker identifies a vulnerable endpoint within the Kaspersky Anti Targeted Attack Platform web application. This endpoint accepts user-controlled input without proper sanitization.</li>
<li>The attacker crafts a malicious URL or injects malicious code into a form field that will be processed by the vulnerable endpoint. This malicious code includes JavaScript or other client-side scripting languages.</li>
<li>The attacker delivers the crafted URL to a victim user, typically through phishing, social engineering, or by injecting the link into another part of the application.</li>
<li>The victim user clicks on the malicious link or interacts with the injected form.</li>
<li>The vulnerable endpoint processes the attacker-supplied input and embeds it into the HTML response without proper encoding or sanitization.</li>
<li>The victim&rsquo;s web browser renders the HTML response, executing the attacker&rsquo;s injected script.</li>
<li>The injected script executes within the security context of the victim&rsquo;s browser, allowing the attacker to access cookies, session tokens, and other sensitive information.</li>
<li>The attacker uses the stolen information to hijack the victim&rsquo;s session, deface the web application, or redirect the victim to a malicious website.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of these XSS vulnerabilities (CVE-2026-28348, CVE-2026-28350) in Kaspersky Anti Targeted Attack Platform can lead to unauthorized access to sensitive data, including user credentials and internal system information. The impact ranges from defacement to complete account takeover. Since the vulnerability exists in a security product, successful exploitation severely undermines the security posture of affected organizations. The number of potential victims depends on the user base of the affected Kaspersky Anti Targeted Attack Platform installations.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade Kaspersky Anti Targeted Attack Platform to version 7.1.7 or later to remediate CVE-2026-28348 and CVE-2026-28350 (see Kaspersky Security Bulletin 12430#260526).</li>
<li>Implement a Web Application Firewall (WAF) with rules to detect and block common XSS attack patterns targeting the Kaspersky Anti Targeted Attack Platform web interface.</li>
<li>If upgrading is not immediately feasible, consider implementing input validation and output encoding on the Kaspersky Anti Targeted Attack Platform web interface as a temporary mitigation.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>xss</category><category>vulnerability</category><category>web-application</category></item></channel></rss>