Drupal Core: Behind the Vulnerability

As you may recall, back in June, Checkmarx disclosed multiple cross-site scripting (XSS) vulnerabilities impacting Drupal Core, listed as CVE-2020-13663, followed by a more technical breakdown of the findings in late November. Today, we’re releasing de…

WordPress REST API Bug Could Be Used in Stored XSS Attacks

The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.

Yahoo Mail XSS Bug Worth Another $10K to Researcher

Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties.

XSS Hunter – A Modern Approach to Testing for Cross-site Scripting (XSS)

Cross-site Scripting (XSS) origins go (arguably) back to a lab in Microsoft in 1999. With the first disclosure of the issue titled “Malicious HTML Tags Embedded in Client Web Requests”, this research sparked an entire generation of an attack that somehow still seems to persist in modern web applications today. Despite this vulnerability being well-known…