30
Stories about: Cross-site scripting |
Version 2.3.7 of NoScript is out, getting rid of some bugs that prevented the correct functioning of the add-on. The new revision does not bring to the table any new features, only a small set of repairs. Among the modifications featured by the new revision, there is a workaround for “rapid fire” protectio... |
10 April 2012 09:09 GMT |
 |
A new release for NoScript extension for Mozilla Firefox is available. Revision 2.3.6 took only four release candidates to roll out as a stable. It brings to the table both fixes and improvements.
As far as improvements are concerned, NoScript 2.3.6 shows better protection against ClearClick events, as far as Disqus... |
27 March 2012 07:45 GMT |
 |
The lack of release candidates for version 2.3.4 of NoScript is a clear indication that the developer rushed with this revision, in order to take care of an uncovered bug. In this case there was a ClearClick-related issue which would lead to infinite loops. On the other hand, version 2.3.3 of the plugin was a calcul... |
12 March 2012 09:18 GMT |
 |
NoScript 2.3.2 had no less than five release candidates before being released as a stable. And even so, the stable build has some interesting fixes and adds two new features that should lead to better protection against cross-site scripting (XSS) attacks. Newly added to this release is an event injection that checks ... |
27 February 2012 10:35 GMT |
 |
phpMyAdmin, the popular tool written in PHP intended to handle the administration of MySQL databases, has just reached version 3.4.8 RC1. phpMyAdmin 3.4.8 RC1 is the first release candidate in the new series and it's mainly a bugfix release with minor security corrections. Among the bugs fixed in phpMyAdmin ... |
25 November 2011 04:49 GMT |
 |
phpMyAdmin, the popular tool written in PHP intended to handle the administration of MySQL databases, has just reached version 3.4.6. The developers of phpMyAdmin have stated that this is only a bugfix and minor security release. Nonetheless, users should upgrade to the latest version as there are quite a few changes... |
17 October 2011 10:59 GMT |
 |
Critical vulnerabilities identified in the 10.3.183.7 version of Flash Player and in the 10.3.186.6 of the one designed for Android made it necessary for Adobe to release new variants for each, to cover the weak links that might allow attackers to penetrate your device's protection. The early versions were exploi... |
22 September 2011 02:44 GMT |
 |
The phpMyAdmin developers have released versions 3.4.4 and 3.3.10.4 of the web-based database management tool in order to address several cross-site scripting (XSS) vulnerabilities. The flaws are all covered in the same advisory because they are located in the same component which handles the tracking feature. They ste... |
26 August 2011 12:49 GMT |
 |
Skype disputes the severity of a new cross-site scripting vulnerability identified in its VoIP client and claims that it cannot be used to do more than change the appearance of text. The vulnerability was discovered by an Armenian security researcher named Levent Kayan, aka noptrix, who recently identified similar fla... |
23 August 2011 09:57 GMT |
 |
The Ruby on Rails development team has released security updates for several versions of the web application framework in order to address serious vulnerabilities. The newly released 2.3.14, 3.0.10 and 3.1.0RC6 versions address a SQL injection flaw in the quote_table_name method which could be exploited to inject arbi... |
18 August 2011 08:26 GMT |
 |
A critical cross-site scripting (XSS) vulnerability which facilitates account hijacking has been identified in the latest variant of the popular Skype VoIP client. It appears the vulnerability was introduced along with the application's Facebook integration which has been available from version 5.3. Skype is now ... |
29 July 2011 13:59 GMT |
 |
Serious cross-site scripting (XSS) vulnerabilities that could be exploited to hijack people's accounts have been identified in the ICQ website and instant messaging application. The vulnerabilities were discovered by Levent Kayan, an Armenian security researcher who recently found a similar flaw in Skype. "ICQ.com... |
28 July 2011 11:00 GMT |
 |
The Joomla Project has released version 1.7 of its popular content management platform as a security update that patches a cross-site scripting vulnerability and introduces an easier update mechanism. The XSS flaw is located in the Joomla core components and stems from inadequate input escaping. The vulnerability was ... |
21 July 2011 12:58 GMT |
 |
A cross-site scripting (XSS) vulnerability which allows attackers to hijack web sessions has been identified in Skype. A patch will be made available next week. The XSS weakness was discovered by an Armenian hacker named Levent Kayan who notified Skype and made it public on his blog. The vulnerability is located... |
15 July 2011 12:42 GMT |
 |
Users of Sina Weibo, the Chinese Twitter alternative, were targeted by a cross-site scripting (XSS) worm spreading through a vulnerability on the microblogging site. With over 140 million users, Sina Weibo is the most popular social networking site in China, a country where both Twitter and Facebook are banned. The sit... |
1 July 2011 07:13 GMT |
 |
Google has released a Chrome extension that is capable of checking client-side code for cross-site scripting weaknesses and other security issues. Called DOM Snitch, the still-experimental extension intercepts JavaScript calls to potentially dangerous functions like document.write, document.cookie, HTMLElement.innerHT... |
22 June 2011 12:27 GMT |
 |
Adobe has released a new update for Flash Player in order to address a cross-site scripting (XSS) vulnerability that is being actively exploited in the wild. "This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if t... |
6 June 2011 03:53 GMT |
 |
The Ruby on Rails development team has released an update for the web application framework which addresses a cross-site scripting (XSS) vulnerability. The new Rails 3.0.6 version contains multiple bug fixes and changes in addition to the security patch and comes after two release candidates. The XSS vulnerability affe... |
6 April 2011 11:54 GMT |
 |
A Facebook cross-site scripting (XSS) vulnerability was used to launch a self-propagating spam worm on the social network, according to security researchers from Symantec. The XSS vulnerability was located in the Facebook mobile API and was caused by insufficient JavaScript validation. In order to exploit it, attackers... |
30 March 2011 03:30 GMT |
 |
McAfee has patched multiple cross-site scripting (XSS) and information disclosure vulnerabilities exposed by ethical hackers in its website. The vulnerabilities were disclosed as zero-days on the Full Disclosure mailing list after McAfee failed to address them for over a month. According to members of the YGN Ethical H... |
29 March 2011 09:41 GMT |
 |
A Facebook cross-site scripting vulnerability was exploited by hackers to create an XSS worm with the purpose of spamming weight loss products. According to security researchers from Symantec who analyzed the attack, the persistent XSS vulnerability leveraged was located somewhere in the application publishing form. Th... |
10 March 2011 12:55 GMT |
 |
Google has fixed a critical vulnerability in the Android Market website which allowed potential attackers to remotely install rogue apps on visitors' devices. The bug stemmed from a simple cross-site scripting (XSS) weakness in the form used to publish new applications and was discovered by Jon Oberheide, a secur... |
8 March 2011 02:45 GMT |
 |
Password management service LastPass has fixed a serious cross-site scripting vulnerability on its website which could have been exploited to obtain sensitive information about other people's accounts. LastPass allows users to generate secure passwords for each of their accounts and store them inside an encrypted... |
1 March 2011 02:19 GMT |
 |
Researchers from security vendor M86 Security have identified a serious cross-site scripting (XSS) vulnerability in the RapidShare.com website which allowed attackers to potentially scam users. RapidShare is one of the largest file hosting providers on the Internet and with hundreds of millions of monthly visitors it ... |
21 February 2011 05:21 GMT |
 |
The Ruby on Rails project has released new security updates to address several serious vulnerabilities affecting the Web application development platform. The new 3.0.4 and 2.3.11 versions fix a total of four vulnerabilities of low and medium impact which facilitate cross-site scripting, cross-site request forgery (CSRF... |
11 February 2011 02:27 GMT |
 |
WordPress 3.0.4 has been released as a critical security update for the popular blogging platform to address several cross-site scripting issues. WordPress developers recommend deploying the update as soon as possible, because the weaknesses are located in a core component. "I would rate this release as 'critical&... |
30 December 2010 02:48 GMT |
 |
webOS, the mobile operating system Palm announced officially in the beginning of the last year, comes with a series of critical security issues, experts confirmed. Among these flaws, there is a cross-site scripting issue, which could allow hackers to gain remote control of devices. Orlando Barrera and Daniel Herrera ... |
27 November 2010 06:12 GMT |
 |
The newly released Opera 10.63 addresses several same-origin policy issues that can lead to cross-site scripting attacks and theft of sensitive information. In total, there are five vulnerabilities fixed in the new Opera version, four stemming from failure to properly detect a resource's origin and one involving... |
13 October 2010 02:26 GMT |
 |
New cross-site scripting (XSS) vulnerabilities that can be leveraged to create very credible phishing attacks have been identified on PayPal and eBay. The PayPal XSS weakness was discovered by a Romanian security enthusiast using the online handle of d3v1l, who disclosed it on his blog. Cross-site scripting vulnerabi... |
6 October 2010 13:26 GMT |
 |
A cross-site scripting (XSS) vulnerability has been identified on an American Express website secured with EV SSL and can be exploited to enhance phishing attacks. XSS weaknesses are the result of poor input validation into Web forms and allow attackers to return potentially malicious code to visitors' browsers. E... |
5 October 2010 08:00 GMT |
 |
A persistent cross-site scripting (XSS) weakness discovered on Amazon allowed potentially rogue merchants to generate product listings capable of hijacking session cookies. The vulnerability was discovered and reported to the XSSed Project on September 30 by a security researcher calling himself SeeMe. The problem is ... |
4 October 2010 06:57 GMT |
 |
Nine different Vodafone websites are vulnerable to cross-site scripting (XSS) vulnerabilities, while the UK one is affected by a more dangerous SQL injection flaw. XSS weaknesses were found on Vodafone.com, Vodafone.com.au, Vodafone.de, Vodafone.es, Vodafone.it, Vodafone.gr, Vodafone.ie, Vodafone.ro, Vodafone.com.t... |
30 September 2010 02:18 GMT |
 |
Two security researchers have independently identified cross-site scripting vulnerabilities in PayPal's mobile and sandbox websites over the weekend, which could have been exploited in phishing attacks. The XSS weakness on the registration.sandbox.paypal.com website was discovered by a member of the Romanian Secu... |
27 September 2010 12:27 GMT |
 |
A cross-site scripting vulnerability was exploited Saturday on Orkut to launch a fast-spreading worm that auto-posted a rogue message reading "Bom Sabado" on people's scrapbooks. "Bom Sabado" means "Good Saturday" in Portuguese, which led some people to assume that the worm originated in Brazil, where Orkut has a... |
27 September 2010 08:08 GMT |
 |
The extremely viral cross-site scripting (XSS) worm that hit Twitter yesterday did not have a malicious component, but the attack itself was monetized by directing affected users to surveys. As most people are aware by now, Twitter was the subject of several XSS-based attacks yesterday. Some of them consisted of simp... |
22 September 2010 03:25 GMT |
 |
A newly discovered Twitter cross-site scripting vulnerability has been used to create an XSS worm that forces users to re-post hidden code by simply rolling the mouse over it. The vulnerability appears to stem from the way Twitter parses links that contain the @ character, which has special meaning on the micro-bloggi... |
21 September 2010 08:50 GMT |
 |
A cross-site scripting (XSS) vulnerability, which could be used to enhance phishing and other attacks, has been identified on the usa.visa.com website. The weakness was reported yesterday to the XSSed Project by a security researcher, who goes by the online handle of d3v1l. D3v1l's track record involves finding si... |
20 September 2010 07:44 GMT |
 |
Spammers are exploiting an undisclosed Facebook vulnerability to force users to automatically post rogue messages on their walls when opening a maliciously crafted app page. "I thought this survey stuff was GARBAGE but i just went on a shopping spree at walmart thanks to FB = [URL] , this wont last long so gooo!" or "... |
7 September 2010 03:20 GMT |
 |
A new cross-site scripting (XSS) weakness has been identified on Twitter and can be leveraged by attackers to hijack users' sessions and post on their behalf. According to a report from the XSSed Project, the vulnerability is located in the search script on dev.twitter.com and was discovered by a researcher calling himsel... |
6 September 2010 13:15 GMT |
 |
The latest updates released today for Ruby address a medium-risk cross-site scripting vulnerability discovered in the reference implementation earlier this year by security researchers from Apple. Ruby is an object-oriented programming language, which is similar to Perl and Python in syntax and other aspects, but is g... |
16 August 2010 16:16 GMT |
 |
Researchers warn that HTML5 support might pose serious security problems for websites by making code formerly thought secure, vulnerable. A critical and undetectable cross-site scripting hole on Facebook was used to demonstrate the concept. “HTML 5 does not do much to solve browser security issues. In fact it ac... |
19 July 2010 04:48 GMT |
 |
YouTube was plagued by a serious cross-site scripting vulnerability over the weekend. Until Google moved in to patch it, the bug was abused by unnamed attackers to poison the comments on multiple videos. Rumors of viruses being spread through YouTube started sometime on Sunday, and the news quickly took off on Twitte... |
5 July 2010 03:58 GMT |
 |
Several websites belonging to security giant Symantec are vulnerable to cross-site scripting (XSS) attacks, according to a security enthusiast who discovered multiple flaws. The vulnerabilities could be leveraged to increase the credibility of email targeted attacks. According to the XSSed project, who published mirro... |
28 June 2010 09:19 GMT |
 |
A Twitter cross-site scripting (XSS) vulnerability reported late last week was quickly fixed by the website's security staff. The flaw might have been abused in an earlier attack that affected hundreds of Twitter accounts. The persistent XSS bug was disclosed by an Indonesian grey hat hacker going by the online m... |
28 June 2010 07:48 GMT |
 |
Google has created a Web application full of exploitable bugs to help webmasters better understand the most common type of Web attacks and learn how to prevent them. Codenamed Jarlsberg, the project is part of the Google Code University's "Web Application Exploits and Defenses" codelab. The Jarlsberg application,... |
5 May 2010 10:51 GMT |
 |
The Apache Software Foundation (ASF) announces that several of its services were targeted in a complex attack that led to a server being completely hacked and another partially compromised. A considerable number of possibly insecure password hashes have also been lifted from the organization's systems. The attack... |
14 April 2010 10:33 GMT |
 |
Unidentified hackers have defaced the website of the European Union Presidency assumed by Spain at the beginning of this month. The picture of Jose Luis Rodriguez Zapatero, Spain's Prime Minister, was replaced with one depicting Mr. Bean, a world-renowned comedy character. The Presidency of the Council of the Eur... |
5 January 2010 09:53 GMT |
 |
Microsoft is cooking the next iteration of the Anti-Cross Site Scripting Library, promising that the first Community Technology Preview will be made available soon. No definitive availability date was made public at the time of this article, but Anil Revuru, Senior SDE, Information Security Tools team, did share some... |
19 October 2009 04:19 GMT |
 |
Preview builds of Firefox 3.7 are now available for download, offering the first fruits of Mozilla’s efforts to bulletproof systems against cross-site scripting related attacks. At the end of the past month, Brandon Sterne, Mozilla security program manager, revealed that the work necessary to turn the Content S... |
5 October 2009 10:07 GMT |
 |
Reddit was hit yesterday by an out of control XSS worm, which someone launched as a proof of concept. The website administrators moved swiftly to stop the attack and inform the public, thus earning the appreciation of the security community. Reddit is a social news and social bookmarking website that allows users to p... |
29 September 2009 05:44 GMT |
 |