Cross Site Scripting – Page 7

D-Link Patches RCE Bugs in Wireless Access Point Gear

Posted on October 5, 2018 by Lindsey O'Donnell

D-Link has released the beta version of the controller which addresses the reported vulnerabilities. Continue reading D-Link Patches RCE Bugs in Wireless Access Point Gear→

Old WordPress Plugin Being Exploited in RCE Attacks

Posted on September 17, 2018 by Tom Spring

Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks. Continue reading Old WordPress Plugin Being Exploited in RCE Attacks→

CSS-Based Attack Causes iOS, macOS Devices to Crash

Posted on September 17, 2018 by Lindsey O'Donnell

The attack stems from a glitch in WebKit, an HTML layout browser engine in Apple’s Safari browser. Continue reading CSS-Based Attack Causes iOS, macOS Devices to Crash→

Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors

Posted on August 24, 2018 by Lindsey O'Donnell

With the malicious code embedded into websites, the attacker can then piggyback on the trust level of the website and launch a variety of attacks. Continue reading Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors→

Two Bugs in WordPress Tooltipy Plugin Patched

Posted on June 13, 2018 by Lindsey O'Donnell

The bugs include a reflected cross-site scripting glitch and a cross-site request forgery vulnerability. Continue reading Two Bugs in WordPress Tooltipy Plugin Patched→

Bug bounty payouts double in 2018; India reports the most bugs while U.S. wins highest payouts

Posted on June 7, 2018 by Filip Truta

Some of the biggest players in various industries have turned to the crowdsourced security model – white hat-driven bug bounty programs – in a race to identify emerging vulnerabilities before the black hats do. The crowdsourced security mod… Continue reading Bug bounty payouts double in 2018; India reports the most bugs while U.S. wins highest payouts→

Severe Bug Discovered in Signal Messaging App for Windows and Linux

Posted on May 12, 2018 by Swati Khandelwal

Security researchers have discovered a severe vulnerability in the popular end-to-end encrypted Signal messaging app for Windows and Linux desktops which could allow remote attackers to execute malicious code on recipients system just by sending a mess… Continue reading Severe Bug Discovered in Signal Messaging App for Windows and Linux→

Another Critical Flaw Found In Drupal Core—Patch Your Sites Immediately

Posted on April 19, 2018 by Swati Khandelwal

It’s time to update your Drupal websites, once again.

For the second time within a month, Drupal has been found vulnerable to another critical vulnerability that could allow remote attackers to pull off advanced attacks including cookie theft, keylogg… Continue reading Another Critical Flaw Found In Drupal Core—Patch Your Sites Immediately→

HTML5 Storage Exfil via XSS – Tradecraft Security Weekly #23

Posted on January 12, 2018 by Paul Asadoorian

It is fairly common for pentesters to discover Cross-Site Scripting (XSS) vulnerabilities on web application assessments. Exploiting these issues potentially allow access to a user’s session tokens enabling attackers to navigate a site as the vic… Continue reading HTML5 Storage Exfil via XSS – Tradecraft Security Weekly #23→

Hackers Infect Magento Shops With Malware Through Extension Flaw

Posted on December 29, 2017 by Lucian Constantin

Attackers are breaking into online shops built with Magento by exploiting a known cross-site scripting vulnerability within a popular extension used by merchants for customer support. A successful compromise results in malware being installed on the we… Continue reading Hackers Infect Magento Shops With Malware Through Extension Flaw→