30
Stories about: XSS vulnerability |
Facebook came forward and gave some explanations on the recent spam campaign that's been hitting the walls of their customers like a plague, smudging their profiles with Justin Bieber featured in adult postures. Since many were claiming that a Facebook flaw could be behind the infection, the social networking ... |
16 November 2011 04:04 GMT |
 |
A hacker called SeeMe showed that one of the largest independent OpenID providers is vulnerable to a cross-site scripting attack. According to The Hacker News, the hacker made a proof-of-concept page just like in the case of the Speed Bit search engine we saw yesterday. By making use of the flaw, attackers can steal a ... |
11 November 2011 14:11 GMT |
 |
An Indian hacker called Debasish Mandal revealed that an XSS vulnerability exposes the Speed Bit search engine to a potential JavaScript injection. The Hacker News informs that in order to prove his findings, Debasish injected an onmouseover JavaScript event into the website and as it turns out, it really works. By... |
10 November 2011 06:14 GMT |
 |
Alexander Fuchs and Benjamin Kunz Mejri from the Vulnerability Research Laboratory discovered a persistent script code injection vulnerability in the White House's official website.
The vulnerability, rated as a high security risk, affected the site's petition system. A successful exploitation of the we... |
5 November 2011 07:52 GMT |
 |
Vansh and Vaibhuv, two Indian hackers, proved an XSS vulnerability many were talking about on underground forums. They showed that AOL Energy's website, responsible for providing news, analysis and discussions in the electricity sector, presents a serious XSS vulnerability.
The Hacker News revealed that the non-... |
4 November 2011 14:01 GMT |
 |
All the websites that include a piece of code used by EyeWonder for advertising can be easily overtaken by a hacker and injected with arbitrary code. A programmer called David Lynch discovered the flaw with the help of a co-worker and to demonstrate the concept he made the images on popular websites such as CNN, The N... |
24 October 2011 13:41 GMT |
 |
The website of the one known as the most powerful man in the world contains major XSS vulnerabilities that can be exploited by hackers who aren't so friendly.
The flaw was announced by someone with higher moral standards, who immediately alerted the site's webmasters, but it could have just as easily bee... |
21 September 2011 02:51 GMT |
 |
Serious cross-site scripting (XSS) vulnerabilities that could be exploited to hijack people's accounts have been identified in the ICQ website and instant messaging application. The vulnerabilities were discovered by Levent Kayan, an Armenian security researcher who recently found a similar flaw in Skype. "ICQ.com... |
28 July 2011 11:00 GMT |
 |
The Joomla Project has released version 1.7 of its popular content management platform as a security update that patches a cross-site scripting vulnerability and introduces an easier update mechanism. The XSS flaw is located in the Joomla core components and stems from inadequate input escaping. The vulnerability was ... |
21 July 2011 12:58 GMT |
 |
A cross-site scripting (XSS) vulnerability which allows attackers to hijack web sessions has been identified in Skype. A patch will be made available next week. The XSS weakness was discovered by an Armenian hacker named Levent Kayan who notified Skype and made it public on his blog. The vulnerability is located... |
15 July 2011 12:42 GMT |
 |
Adobe has released a new update for Flash Player in order to address a cross-site scripting (XSS) vulnerability that is being actively exploited in the wild. "This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if t... |
6 June 2011 03:53 GMT |
 |
The Ruby on Rails development team has released an update for the web application framework which addresses a cross-site scripting (XSS) vulnerability. The new Rails 3.0.6 version contains multiple bug fixes and changes in addition to the security patch and comes after two release candidates. The XSS vulnerability affe... |
6 April 2011 11:54 GMT |
 |
A Facebook cross-site scripting (XSS) vulnerability was used to launch a self-propagating spam worm on the social network, according to security researchers from Symantec. The XSS vulnerability was located in the Facebook mobile API and was caused by insufficient JavaScript validation. In order to exploit it, attackers... |
30 March 2011 03:30 GMT |
 |
Researchers from security vendor M86 Security have identified a serious cross-site scripting (XSS) vulnerability in the RapidShare.com website which allowed attackers to potentially scam users. RapidShare is one of the largest file hosting providers on the Internet and with hundreds of millions of monthly visitors it ... |
21 February 2011 05:21 GMT |
 |
A cross-site scripting (XSS) vulnerability has been identified on an American Express website secured with EV SSL and can be exploited to enhance phishing attacks. XSS weaknesses are the result of poor input validation into Web forms and allow attackers to return potentially malicious code to visitors' browsers. E... |
5 October 2010 08:00 GMT |
 |
Two security researchers have independently identified cross-site scripting vulnerabilities in PayPal's mobile and sandbox websites over the weekend, which could have been exploited in phishing attacks. The XSS weakness on the registration.sandbox.paypal.com website was discovered by a member of the Romanian Secu... |
27 September 2010 12:27 GMT |
 |
A newly discovered Twitter cross-site scripting vulnerability has been used to create an XSS worm that forces users to re-post hidden code by simply rolling the mouse over it. The vulnerability appears to stem from the way Twitter parses links that contain the @ character, which has special meaning on the micro-bloggi... |
21 September 2010 08:50 GMT |
 |
A new cross-site scripting (XSS) weakness has been identified on Twitter and can be leveraged by attackers to hijack users' sessions and post on their behalf. According to a report from the XSSed Project, the vulnerability is located in the search script on dev.twitter.com and was discovered by a researcher calling himsel... |
6 September 2010 13:15 GMT |
 |
A Romanian security researcher has discovered multiple cross-site scripting (XSS) weaknesses in several localized MSN websites, which allow for session cookie hijacking and IFrame injection. The bugs were discovered on various websites hosted in sub-sections on ca.msn.com, fr.msn.com, be.msn.com and fi.msn.com. Cross-s... |
19 August 2010 16:22 GMT |
 |
The latest updates released today for Ruby address a medium-risk cross-site scripting vulnerability discovered in the reference implementation earlier this year by security researchers from Apple. Ruby is an object-oriented programming language, which is similar to Perl and Python in syntax and other aspects, but is g... |
16 August 2010 16:16 GMT |
 |
A Google security researcher has found a security hole on a Twitter subdomain which facilitated session hijacking attacks. The compromise was possible because of an overly broad domain scope used for the session cookie. The flaw was discovered and documented on his blog by Google Security Engineer Billy Rios. Rios previou... |
20 July 2010 05:41 GMT |
 |
Researchers warn that HTML5 support might pose serious security problems for websites by making code formerly thought secure vulnerable. A critical and undetectable cross-site scripting hole on Facebook was used to demonstrate the concept. “HTML 5 does not do much to solve browser security issues. In fact it ac... |
19 July 2010 04:48 GMT |
 |
A Twitter cross-site scripting (XSS) vulnerability reported late last week was quickly fixed by the website's security staff. The flaw might have been abused in an earlier attack that affected hundreds of Twitter accounts. The persistent XSS bug was disclosed by an Indonesian grey hat hacker going by the online m... |
28 June 2010 07:48 GMT |
 |
A Web security researcher has disclosed cross-site scripting weaknesses in the two most popular Facebook applications. He claims to have found similar flaws affecting other apps as well, including an SQL injection vulnerability in a Facebook-verified one. The self-confessed white hat hacker goes by the online handle o... |
3 September 2009 05:53 GMT |
 |
After a critical Twitter cross-site scripting vulnerability was recently discovered and reported on, the website's security team rushed to address it. Subsequent scrutiny of the patch exposed it as being a seriously inadequate fix that can be circumvented with ease to continue injecting malicious code into tweet... |
27 August 2009 03:56 GMT |
 |
A blogger trying to bypass Twitter's new nofollow policy for oauth client application links stumbled upon a massive persistent cross-site scripting (XSS) vulnerability, which allowed him to insert potentially malicious JavaScript code into a tweet. The vulnerability could have been leveraged to steal session coo... |
26 August 2009 04:46 GMT |
 |
Security engineers from Mozilla want to tackle cross-site scripting attacks with a new technology they call the Content Security Policy (CSP). This new specification would allow websites to set directives that enforce certain restrictions over what content the CSP-aware browsers trust. Cross-site scripting, also kno... |
24 June 2009 07:50 GMT |
 |
A grey-hat hacker going by the online handle of Vektor has disclosed several cross-site scripting vulnerabilities in several pages of the IFPI website. According to the report, Sage Pay, the payment service provider used by the IFPI and many other websites, is actually responsible for some of the flaws. Vektor is a ... |
18 May 2009 06:10 GMT |
 |
A hacker has disclosed several XSS flaws on free-av.com, online home to the free version of Avira AntiVir. The vulnerabilities that could have been used for redirection or hijacking session cookies have been patched by the antivirus vendor. The bugs in the Avira-controlled website have been discovered by a hacker go... |
25 February 2009 06:56 GMT |
 |
Kaspersky Labs' website security comes under scrutiny again by vulnerability hunters, after an SQL injection vulnerability was recently found. An ethical hacker has disclosed that three different pages from the German section of the Kaspersky website are vulnerable to cross-site scripting attacks. A hacker ... |
23 February 2009 05:28 GMT |
 |
A new cross-site scripting vulnerability affecting the Facebook social networking website has been disclosed on the XSSed project's website. The flaw allows for injection of potentially malicious code. The XSSed project tracks XSS vulnerabilities and its archive contains over 30,000 such documented flaws affe... |
5 January 2009 10:08 GMT |
 |
Security researcher Russ McRee published on his blog details about a critical unpatched cross-site scripting vulnerability affecting the American Express website. He claims that he resorted to this after failing for two weeks to convince the company to fix it, despite significant efforts. According to Mr. McRee, he ... |
17 December 2008 09:15 GMT |
 |
The XSSed project made public four different cross-site scripting vulnerabilities discovered by individual security researchers. The flaws affect the developers, applications, user registration, and iPhone login pages. The XSSed project is an important source of information regarding cross-site scripting (XSS) attac... |
16 December 2008 06:42 GMT |
 |