App, security teams need closer bond to fend off cyberattacks Enterprises should shift left to protect themselves, says Immersive Labs Security 09 Mar 2022 | 1
DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off Researcher tells world after being stonewalled Security 02 Feb 2022 | 10
Infosec chap: I found a way to hijack your web accounts, turn on your webcam from Safari – and Apple gave me $100k Now you see a harmless PNG. Now it's a malicious payload. Look into my eyes Security 26 Jan 2022 | 20
Unpatched flaw 'weaponises' Apple AirTags to turn them into the phisherman's friend XSS vulnerability allows miscreants to hijack phone number field on website Security 29 Sep 2021 | 28
Don't be a WordPress RCE-hole and patch up this XSS vuln, pronto Not on 5.1.1? You should be Security 14 Mar 2019 | 7
Epic's Fortnite fail: Ancient UT2004 server used for login-stealing proof-of-concept A tale of XSS, SQL injection and OAuth implementation Security 16 Jan 2019 | 18
Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk Online login details could be harvested by miscreants – bank says: We're secure Security 20 Sep 2018 | 21
Criminal mastermind injects malicious script into Ethereum tracker. Their message? '1337' Etherscan XSS snafu could have been much, much worse Security 25 Jul 2018 | 3
uBlock Origin ad-blocker knocked for blocking hack attack squawking Block all the things! No, wait, not the XSS security alerts Security 17 Oct 2017 | 57
Microsoft won't patch Edge browser content security bypass Tells Cisco's Talos it's a feature, not a bug. Apple and Google disagree and fixed it Security 07 Sep 2017 | 37
Aruba AirWave admin? Get the latest patch XML and cross-site scripting bug-fixes Networks 02 Mar 2017
'I found a bug that let anyone read anyone's Yahoo! Mail and all I got was this $10k check' Sorry! Too! hungover! from! rum! eggnog! binging! to! shout! in! the! headline! Security 09 Dec 2016 | 24
Bletchley Park Trust vows to shore up insecure website Security boffin blasts caretakers of Alan Turing's legacy Security 29 Nov 2016 | 14
Google tries to cross out XSS attacks by releasing its own test tool Just about every content security policy does it wrong Security 27 Sep 2016
GoDaddy plugs account hijack XSS vulnerability Forgotten payload borks support call Security 10 May 2016 | 2
Zen Cart admins: Don't skip version 1.5.5 Hiding behind all those points is a patch for an admin-interface XSS mess Security 30 Mar 2016
VMware vRealizes that vRealize has XSS bugs on Linux Virtzilla's also released first maintenance release for vRealize Automation Virtualization 16 Mar 2016
Yahoo! Mail! Had! Nasty! XSS! Bug! Finnish fellow scores $10k bug bounty for reporting malformed HTML mess Security 19 Jan 2016 | 14
Unconfirmed PayPal 0day auth flaw lingers after XSS gets fixed Brace of bugs unveiled in payment facilitator's security structure Security 04 Sep 2015 | 4
Salesforce plugs silly website XSS hole, hopes nobody spotted it Web development 101: Thou shalt stop thy users from inputting JavaScript Security 14 Aug 2015 | 4
XSSposed launches pay-whatever bug bounty Tick tock clock counts down to Full Disclosure Security 07 Jul 2015 | 2
US National Vulnerability Database contained ... yup, an XSS vuln NIST attempts to create some kind of ironic self-referencing meta-vuln Systems 18 Jun 2015 | 7
eBay year-long patch stall a little XSSive, researcher says Session jacking bug bores bug bounty boffins Security 30 Apr 2015 | 2
Comments considered harmful: WordPress web hijack bug revealed Patch NOW after researcher drops zero-day on popular blog software SaaS 27 Apr 2015 | 11
Silent but violent: Foul Google Play flaw lets hackers emit smelly apps Say it with us: 'Permissionless sharing' Security 11 Feb 2015 | 14
Taxi app Uber plugs 'privacy-threatening' web security flaw Updated Forget VW, watch out for the XSS bug Security 10 Dec 2014 | 8
Researcher details nasty XSS flaw in popular web editor First denial, then anger, then DDoS, then patching. Security 01 Oct 2014 | 4
Vid shows how to easily hack 'anti-spy' webmail (sorry, ProtonMail) Video + Update Filtering evil JavaScript is tricky if you're encrypting in the browser Security 07 Jul 2014 | 15
TweetDeck XSS flap: Miscreants flash their naughty bits at users Updated Plus BBC Breaking lives up to its name Security 11 Jun 2014 | 6
Google launches hacker game to train bug 'mercenaries' Increase your XSS-fu, win cake Security 30 May 2014 | 4
Yahoo! Saves! Trolls! From! Session! Jacking! Holes! Cross site scripting SNAFU infected myriad Purple Palace comment pages Security 20 May 2014 | 3
Innocent surfers drafted into ZOMBIE ARMY by sneaky XSS vuln Javascript snafu turned 22,000 bods into unwitting DDoSers Security 25 Apr 2014 | 4
ICO plugs XSS vuln in its website. Only took watchdog FIVE YEARS 'Nonchalant attitude' shocks me, says blogger Security 28 Mar 2014 | 10
RoR Paperclip infested by content type spoofing bug Rise and shine, Ruby devs, it's patching time! Security 09 Feb 2014
Ubuntu puts forums back online, reveals autopsy of a brag hacker Canonical hardens security, shows Sputn1k_ only wolfed down useless salted hash Software 02 Aug 2013 | 20
The Grauniad corrects an error on its website Login page XSS, though, not content. No commenter IDs compromised ... Security 19 Jul 2013 | 3
PayPal denies stiffing bug-hunting teen on bounty Someone else got there first, claims firm Security 30 May 2013 | 30
Filthy! old! blog! bug! blamed! for! Yahoo! webmail! hijacks! Unpatched WordPress flaw clears way for inbox takeovers Security 01 Feb 2013 | 5
Yahoo! email! hijack! exploit!... Yours! for! $700! Cybercrook: It's a bargain, guys... They usually cost way more Security 27 Nov 2012 | 3
eBay: It's safe to buy busted lava lamps and bug-infested rugs again XSS vuln squished; hackers could have made you bid Security 22 Nov 2012 | 3
Chick-lit star snubs Menshn.com password flaw alert Updated 'Snippy geek' finds fresh holes in MP's web-jabber thing Security 05 Sep 2012 | 41
Security still slack in WA government agencies Auditor General highlights payment security concerns Security 28 Jun 2012 | 1
'Self-aware' bank account robbing code unleashed by hacker 'XSS on steroids' crafted to highlight web security holes Security 16 Dec 2011 | 26
Patchy app development security slammed Eight out of 10 tested apps riddled with flaws Software 08 Dec 2011 | 8
AmEx 'debug mode left site wide open', says hacker Customer cookies 'at risk' Security 07 Oct 2011 | 12
Researchers poke gaping holes in Google Chrome OS Black Hat Chromebook only as safe as its weakest apps Personal Tech 03 Aug 2011 | 22
Skype: XSS vuln fix is on the way Updated Backend backdoor to be firmly plugged Security 19 Jul 2011 | 1
Twitter blames website upgrade for re-introducing XSS hole Rainbow tweets point to crock of sh... Security 22 Sep 2010 | 7
Security bugs reinfect financial giant’s website Ameriprise and the case of the relapsed XSS Security 01 Feb 2010
Major IE8 flaw makes 'safe' sites unsafe Exclusive Microsoft's XSS buster busted Channel 20 Nov 2009 | 11
Mozilla service detects insecure Firefox plugins Slated for browser embedding Security 14 Oct 2009 | 7