Malicious code could have been used to compromise an account, forward messages to an external account, or even spread a Yahoo Mail-infecting virus. Read more in my article on the We Live Security blog.
Despite having ample opportunity to resolve the issues, ASDA has failed to do so. Watch Paul Moore’s video to learn more.
The recently discovered XSS flaw on eBay’s website could have put users’ accounts at risk. And sadly, it’s not an uncommon problem. Read more in my article on the Bitdefender Business Insights blog.
Within three hours of being reported, a serious cross-site scripting (XSS) vulnerability on LinkedIn’s website has been fixed by its security team. Read more in my article on the Hot for Security blog.
Starbucks has patched three critical security vulnerabilities on its website, but it still hasn’t respond to the security researcher who first found the bugs. David Bisson reports.
A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details. Read more in my article on the Lumension State of Security blog.
Hackers could have phished usernames and passwords from customers, while they were on the Salesforce website. Read more in my article on the Tripwire State of Security blog.
Yet more cross-site scripting security holes found in WordPress. Users advised to update their websites “immediately.”
Do you, or your business, run a self-hosted WordPress site? If so, it’s time to ensure that you are updating to the latest version.
Security researcher Scott Helme describes how you can better secure your website from cross-site scripting attacks, ad injectors and malvertising.
Many WordPress sites are at risk of hijack, after cross-site scripting vulnerability uncovered. Read more in my article on the Tripwire State of Security blog.
Researcher complains that WordPress has been ignoring his vulnerability reports, as details of zero-day comments XSS flaw are made public and then patched.
Popular WordPress plugins such as JetPack and WordPress SEO by Yoast need to be updated after a cross-site scripting flaw was found in their code. And they’re not the only ones…
Cross-site scripting (XSS) flaws are amongst the most commonly encountered security flaws found on websites, opening up opportunities for malicious hackers to hijack customer accounts, change users’ settings and phish login credentials. So how come websites keep falling foul of them?
XSS vulnerabilities are nothing new, but continue to be a big problem even for some websites that you would expect to be better protected. Read more in my article on the Tripwire State of Security blog.
Online WYSIWYG editors allowing rich content could be making it easier for attackers to launch cross-site scripting (XSS) attacks. Read more in my article on the Tripwire State of Security blog.