Cross-site scripting vulnerabilities are easy to exploit. The best way to prevent exploitation is by applying input and output sanitization as well as ensuring the security basics are carried out.
Security researchers have discovered a bug in Google's PHP client library for accessing Google APIs that could enable criminals to take advantage of the cross-site scripting flaw and carry out a phishing attack.
Cloud security vendor fixes cross-site-scripting bug, downplays the threat, says it would only affect co-workers.
Sacre Bleu!: A type of XSS vulnerability has been discovered in the French version of Google.
A reflected cross-site scripting (RXSS) vulnerability that let attackers log passwords in cleartext was found on Fortinet's login page.
Internal code imperfections have led to cross-site scripting (XSS) and SQL injections, with 68 percent of web apps surveyed vulnerable, according to application security company Netsparker.
An easy-to-exploit cross-site scripting (XSS) vulnerability was located in Yahoo Mail's mobile site by security researcher Ibrahim Raafat.
Stored XSS vulnerabilities exposed payments page and opened PayPal users to malicious file attacks, say researchers.
WordPress 4.2.3 was made available on Thursday - the update comes with fixes for a number of bugs, including a potentially dangerous cross-site scripting (XSS) vulnerability.
A flaw has been found in the genericons WordPress package that creates vulnerabilities in any plug-in or theme which uses it.
A critical new cross-site scripting (XSS) flaw affecting fully-patched versions of Internet Explorer 11 on Windows 7 and 8 could make users vulnerable to phishing and malvertising attacks, as well as data and log-in credential theft.
Microsoft Office 365's security outlook: cloudy
Cross-site scripting (XSS) and SQL injection attacks remain the most prominent cyber attack methods.
Researchers have discovered two security holes in a sporting mobile app, less than two weeks ahead of one of America's biggest sporting events.
Around two-thirds of mission-critical applications are developed externally and are not compliant with industry standards.