Cross Site Scripting – Page 9

Using data URIs to perform XSS in anchor tags – vulnerability?

Posted on July 21, 2017 by gnalo

I’ve been looking at a few issues related to XSS. In doing so, I’ve stumbled upon a few “XSS Filter Evasion” type checklists that demonstrate supposed XSS via data URIs. For example:

The last line of: https://gist.github.co… Continue reading Using data URIs to perform XSS in anchor tags – vulnerability?→

Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities

Posted on July 11, 2017 by Tom Spring

Microsoft releases a total of 57 security patches, part of its July Patch Tuesday, with 20 rated critical. Continue reading Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities→

Is reflected XSS still relevant today?

Posted on July 2, 2017 by Gigi

I’ve been learning more about XSS (for the unfamiliar, Excess XSS is a great resource). I opted to get my hands dirty and give Reflected XSS a try on a local environment. I set up a very simple vulnerable PHP page running on … Continue reading Is reflected XSS still relevant today?→

Major Hole Plugged in Secure File Transfer Tool

Posted on June 27, 2017 by Michael Mimoso

Biscom recently patched a stored cross-site scripting vulnerability in its secure file transfer product. Continue reading Major Hole Plugged in Secure File Transfer Tool→

Major Hole Plugged in Secure File Transfer Tool

Posted on June 27, 2017 by Michael Mimoso

Biscom recently patched a stored cross-site scripting vulnerability in its secure file transfer product. Continue reading Major Hole Plugged in Secure File Transfer Tool→

GameStop Online Shoppers Officially Warned of Breach

Posted on June 9, 2017 by Tom Spring

Some customers are irked it took GameStop months to inform them that their personal and financial information could have been compromised in a breach of GameStop.com that began in August 2016. Continue reading GameStop Online Shoppers Officially Warned of Breach→

Verizon Patches XSS Issues in its Messaging Client

Posted on May 22, 2017 by Michael Mimoso

Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user’s session. Continue reading Verizon Patches XSS Issues in its Messaging Client→

Apple Releases Dozens of Security Patches for Everything

Posted on May 16, 2017 by Swati Khandelwal

While Windows users are currently in fear of getting their systems hijacked by the WannaCry ransomware outbreak, Apple users are sitting relaxed, thinking that malware attacks are something that happens to Windows users, and not Apple.

But you are mistaken – Apple products are also not immune to the hack attacks and malware infections, as an ebook can hack your Mac, iPhone, and iPad.

Apple

Continue reading Apple Releases Dozens of Security Patches for Everything→

ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs

Posted on April 25, 2017 by Chris Brook

Adobe released an important security hotfix for several versions of Coldfusion, resolving two bugs, Tuesday morning. Continue reading ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs→

IoT Security is Hard: Here’s What You Need to Know

Posted on April 21, 2017 by Jack Laidlaw

Security for anything you connect to the internet is important. Think of these devices as doorways. They either allow access to services or provides services for someone else. Doorways need to be secure — you wouldn’t leave your door unlocked if you lived in the bad part of a busy city, would you? Every internet connection is the bad part of a busy city. The thing is, building hardware that is connected to the internet is the new hotness these days. So let’s walk through the basics you need to know to start thinking security with your projects.

If you …read more

Continue reading IoT Security is Hard: Here’s What You Need to Know→