XSS News, Articles and Updates

Defending against cross-site scripting vulnerabilities

Cross site scripting vulnerabilities are easy to exploit. The best way to prevent exploitation is by applying input and output sanitation as well as ensuring the security basics are carried out.

XSS flaw found in the Google's PHP API client enables phishing attacks

Security researchers have discovered a bug in Google's PHP client library for accessing Google APIs that could enable criminals to take advantage of the cross-site scripting flaw and carry out a phishing attack.

Zscaler fixes XSS vulnerability in admin portal affecting co-workers

Cloud security vendor fixes cross-site-scripting bug, downplays the threat, says it would only affect co-workers.

Cross-site scripting vulnerability found on Google's French website

Sacre Bleu!: A type of XSS vulnerability has been discovered in the French version of Google

Reflected XSS vuln found on Fortinet login page

A reflected cross-site scripting (RXSS) attack that let attackers log their passwords in cleartext was found contained on Fortinet's login page.

Netsparker: 2/3 of web applications are flawed

Internal code imperfections have lead to cross-site scripting (XSS) and SQL injections, with 68 percent of web apps surveyed vulnerable according to application security company Netsparker.

Magento issues fixes for 20 vulnerabilities, two rated critical

E-commerce content management provider Magento issued several patches to fix XSS vulnerabilities that could have injected a malicious JavaScript code into the company's online ordering form allowing the system to be taken over remotely.

XSS vuln found on mobile site of Yahoo! Mail

An easy-to-exploit cross-site scripting (XSS) vulnerability was located in Yahoo Mail's mobile site by security researcher, Ibrahim Raafat.

PayPal patches stored XSS vulnerabilities discovered by bounty hunters

Stored XSS vulnerabilities exposed payments page and opened PayPal users to malicious file attacks, say researchers.

WordPress 4.2.3 released, addresses critical XSS vulnerability

WordPress 4.2.3 was made available on Thursday - the update comes with fixes for a number of bugs, including a potentially dangerous cross-site scripting (XSS) vulnerability.

WordPress XSS flaw an example of growing sophistication

A flaw has been found in the genericons WordPress package that creates vulnerabilities in any plug-in or theme which uses it.

Internet Explorer XSS flaw opens door to thieves and phishers

A critical new cross-site scripting (XSS) flaw affecting fully-patched versions of Internet Explorer 11 on Windows 7 and 8 could make users vulnerable to phishing and malvertising attacks, as well as data and log-in credential theft.

Tweetdeck users warned on XSS vulnerability

A new XSS vulnerability in Tweetdeck, the popular social media management platform for Twitter, could allow hackers to execute JavaScript code and even steal user credentials.

Potentially major XSS/JavaScript flaw found in Office 365

Microsoft Office 365's security outlook: cloudy

Use of cross-site scripting attacks massively increased at end of 2012

Cross-site scripting (XSS) and SQL injection attacks remain the most prominent cyber attack method.

XSS flaws detected in ESPN ScoreCenter mobile app

Researchers have discovered two security holes in a sporting mobile app, less than two weeks ahead of one of America's biggest sporting events.

Externally developed applications fail compliance tests and do not comply with standards

Around two-thirds of mission-critical applications are developed externally and are not compliant with industry standards.