{"id":12698,"date":"2022-03-25T06:48:45","date_gmt":"2022-03-25T06:48:45","guid":{"rendered":"https:\/\/myonlinesecurity.co.uk\/?p=12698"},"modified":"2022-03-25T06:48:45","modified_gmt":"2022-03-25T06:48:45","slug":"doubleclick-advertising-network-xss-vulnerability","status":"publish","type":"page","link":"https:\/\/myonlinesecurity.co.uk\/doubleclick-advertising-network-xss-vulnerability\/","title":{"rendered":"DoubleClick Advertising Network XSS Vulnerability"},"content":{"rendered":"<p>Just a quick alert about an email from Google warning of vulnerabilities in some DoubleClick publishers. This has been sent to all website owners who use DoubleClick in any form.<\/p>\n<p>However this will ONLY affect website owners who use DoubleClick as a stand alone service to display adverts. It does not affect website owners who use Google AdSense to display adverts and have enabled the additional options to also use DoubleClick as a method of advertising in the allowed advertisers section of your Google AdSense settings page.<\/p>\n<p>The email reads:<\/p>\n<p>Dear Customer,<br \/>\nWe\u2019ve identified certain vendor files that may contain XSS vulnerabilities which could pose a security risk. Please check if you are hosting these files and remove them with the help of your webmaster. These are the currently identified third-party vendor files:<\/p>\n<p>1. adform\/IFrameManager.html<\/p>\n<p>2. admotion\/afa-iframe.htm<\/p>\n<p>3. bonzai\/bonzaiBuster.html<\/p>\n<p>4. exponential\/buster.html<\/p>\n<p>5. eyeblaster\/addineyeV2.html<\/p>\n<p>6. eyewonder\/interim.html<\/p>\n<p>7. flashtalking\/ftlocal.html<\/p>\n<p>8. ipinyou\/py_buster.html<\/p>\n<p>9. jivox\/jivoxibuster.html<\/p>\n<p>10. mediaplex\/mojofb_v9.html<\/p>\n<p>11. mixpo\/framebust.html<\/p>\n<p>12. predicta\/predicta_bf.html<\/p>\n<p>13. rockabox\/rockabox_buster.html<\/p>\n<p>14. liquidus\/iframeX.htm<\/p>\n<p>15. controbox\/iframebuster.html<\/p>\n<p>16. spongecell\/spongecell-spongecellbuster.html<\/p>\n<p>17. unicast\/unicastIFD.html<\/p>\n<p>18. adrime\/adrime_burst.2.0.0.htm<\/p>\n<p>19. revjet\/revjet_buster.html<\/p>\n<p>20. kpsule\/iframebuster.html<\/p>\n<p>We have disabled these vendors where possible for all DoubleClick for Publishers and DoubleClick Ad Exchange customers. However, any of the mentioned files hosted on your site may still pose a risk and should be taken down. We will notify you as we learn more.<\/p>\n<p>For more information please refer to this Help Center article.<\/p>\n<p>Regards,<\/p>\n<p>The DoubleClick for Publishers and DoubleClick Ad Exchange Teams<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just a quick alert about an email from Google warning of vulnerabilities in some DoubleClick publishers. This has been sent to all website owners who use DoubleClick in any form. However this will ONLY affect website owners who use DoubleClick as a stand alone service to display adverts. It does not affect website owners who&#8230;<\/p>\n","protected":false},"author":8,"featured_media":13433,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"taxonomy_info":[],"featured_image_src_large":["https:\/\/myonlinesecurity.co.uk\/wp-content\/uploads\/2022\/03\/DoubleClick-Advertising-Network.jpg",1000,457,false],"author_info":{"display_name":"Darrel Heers","author_link":"https:\/\/myonlinesecurity.co.uk\/author\/darrel-heers\/"},"comment_info":0,"_links":{"self":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/pages\/12698"}],"collection":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/comments?post=12698"}],"version-history":[{"count":0,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/pages\/12698\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/media\/13433"}],"wp:attachment":[{"href":"https:\/\/myonlinesecurity.co.uk\/wp-json\/wp\/v2\/media?parent=12698"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}