Collaborate Disseminate
Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its regularly scheduled patches. Continue reading Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
A researcher discovered a cross-site scripting flaw in Google Map’s export function, which earned him $10,000 in bug bounty rewards. Continue reading Bug in Google Maps Opened Door to Cross-Site Scripting Attacks
An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495. Continue reading Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
The cross-site scripting flaw could enable arbitrary code execution, information disclosure – and even account takeover. Continue reading High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Continue reading Newsletter WordPress Plugin Opens Door to Site Takeover
With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com – and why they are the “holy grail” for attackers. Continue reading Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup “Groups.” Continue reading Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft
An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials. Continue reading Attackers Target 1M+ WordPress Sites To Harvest Database Credentials
The cross-site scripting vulnerability could have allowed trivial account takeover. Continue reading Login with Facebook Bug Earns $20K Bounty
The cross-site scripting vulnerability could have allowed trivial account takeover. Continue reading Login with Facebook Bug Earns $20K Bounty