cross-site scripting

Starbucks stays schtum, after patching critical website vulnerabilities

Starbucks has patched three critical security vulnerabilities on its website, but it still hasn’t responded to the security researcher who first found the bugs.

David Bisson reports.

PayPal XSS flaw could have let hackers steal your unencrypted credit card details

A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details.

Read more in my article on the Lumension State of Security blog.

XSS flaw put Salesforce accounts at risk of hijacking

Hackers could have phished usernames and passwords from customers, while they were on the Salesforce website.

Read more in my article on the Tripwire State of Security blog.

WordPress 4.2.4 released, fixing critical security holes. Update immediately!

Yet more cross-site scripting security holes found in WordPress. Users advised to update their websites “immediately.”

WordPress 4.2.3 released, fixing critical security hole. Update!

Do you, or your business, run a self-hosted WordPress site?

If so, it’s time to ensure that you are updating to the latest version.

Popular WordPress plugins found vulnerable to XSS vulnerability

Popular WordPress plugins such as JetPack and WordPress SEO by Yoast need to be updated after a cross-site scripting flaw was found in their code. And they’re not the only ones…

eBay XSS password-stealing security hole “existed for months”

The BBC reports that users have been hit by a cross-site scripting flaw on eBay since at least February, putting passwords at risk of phishers.

Weibo, China’s Twitter-like service, hit by worm

A worm which broke out on Weibo exploited a cross-site scripting flaw and sent around messages claiming to link to naked photos of Fan Bingbing, romantic poetry and mobile phone spyware.