What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in XSS

Chrome patches 24 security holes, enables “Sanitizer” safety system

31 Aug, 2022 Buffer Overflow, chrome, google, Google Chrome, Sanitizer, Security News, use-after-free, Vulnerability, XSS 0 Comments 0

24 existing bugs fixed. And, we hope, numerous potential future bugs prevented.

Apple devices get urgent patch for zero-day exploit – update now!

27 Mar, 2021 Apple, Apple Safari, CVE-2021-1879, Exploit, iOS, iPad, iPhone, Security News, Vulnerability, WebKit, XSS 0 Comments 0

by Paul Ducklin Apple has just pushed out an emergency “one-bug” security update for its mobile devices, including iPhones, iPads and Apple Watches. Even users of older iPhones who are still on the officially-supported iOS 12 version need to patch, so the versions you should be updating to are as . . . Read more

QNAP High-Severity Flaws Plague NAS Systems

07 Dec, 2020 Cross Site Scripting, flaw, NAS, NAS Systems, patch, QNAP, remote code injection, Security News, Security Update, Vulnerabilities, Vulnerability, XSS 0 Comments 0

The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems. QNAP Systems is warning of high-severity flaws that plague its top-selling network attached storage (NAS) devices. If exploited, the most severe of the flaws could allow attackers to remotely take over NAS devices. NAS devices are systems . . . Read more

Bug-Bounty Awards Spike 26% in 2020

29 Oct, 2020 Apple, bounty payouts, Bug Bounty, COVID-19, Cross Site Scripting, ethical hackers, flaws, HackerOne, information disclosure, Most Recent ThreatLists, most valuable, most-rewarded, Security, Security News, stay at home orders, tiktok, top 10, Vulnerabilities, XSS 0 Comments 0

The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify. Cross-site scripting (XSS) remained the most impactful vulnerability and thus the one reaping the highest rewards for ethical hackers in 2020 for a second year running, according to a list of top 10 . . . Read more

Facebook, News and XSS Underpin Complex Browser Locker Attack

22 Oct, 2020 browser locker, Cross Site Scripting, Facebook, grupo ppe, Malwarebytes, news site, Open Redirect, peru, redirections, security bug, Security News, tech support scam, Vulnerabilities, Web Security, XSS 0 Comments 0

An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam. A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-support scam. The effort is more advanced than most, because it involves exploiting a cross-site scripting (XSS) vulnerability on a popular news site, . . . Read more

Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio

20 Oct, 2020 adobe, after effects, animate, arbitrary code execution, creative cloud installer, critical, dreamweaver, illustrator, InDesign, marketo, Media Encoder, october 2020, out of band, Patches, photoshop, premiere pro, Security News, Security Updates, Vulnerabilities, XSS 0 Comments 0

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Wormable Apple iCloud Bug Allows Automatic Photo Theft

09 Oct, 2020 $300, 000, Apple, Apple Bug Bounty Program, Applications, authentication bypass, Bug Bounty, Cloud Security, critical bugs, Critical flaws, Developers, ethical hackers, Hackers, Hacks, hardware, iCloud, IoT, Mobile Security, Privacy, sam curry, Security News, software, source code, takeover, three-month hack, Vulnerabilities, Web Security, wormable, XSS 0 Comments 0

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Post Grid WordPress Plugin Flaws Allow Site Takeovers

05 Oct, 2020 Cross Site Scripting, high severity, PHP Object Injection, plugin, post grid, Security News, security vulnerability, site takeover, team showcase, Vulnerabilities, Web Security, wordpress, XSS 0 Comments 0

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Stubborn WooCommerce Plugin Bugs Get Third Patch

19 Sep, 2020 AJAX, Cross-site request forgery, cross-site scripting bug, CSRF attacks, Discount Rules for WooCommerce, Fylcart, Security News, Vulnerabilities, Web Security, WooCommerce, wordpress, XSS 0 Comments 0

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers

08 Sep, 2020 adobe, Adobe Bug, Adobe Experience Manager, adobe framemaker, adobe indesign, adobe patch, browser attack, critical flaw, Cross Site Scripting, html injection flaw, information disclosure, Javascript, patch tuesday, Security News, Vulnerabilities, Web Security, XSS 0 Comments 0

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

1 2