cross-site scripting

PayPal patches potential payment-stealing vulnerability

An XSS hole could apparently have allowed a crook to pop up a realistic PayPal "pay page" and steal the victim's card data.

Paul Ducklin takes a look...

WordPress 4.2.3 is out, update your website now

If you manage a website that uses WordPress, update now! The latest version has been released and includes a fix for a cross-site scripting (XSS) vulnerability that your website could do without.

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

Twitter jumps to block XSS worm in Tweetdeck


A cross-site scripting flaw was disclosed this morning affecting the popular Twitter application Tweetdeck. It has now been fixed, but not before it wormed its way through thousands of browsers.

New IE zero day exploit circulating, used to install Poison Ivy

The gang behind those recent Java zero day attacks apparently hasn't packed up for the season. A researcher examining one of the servers used to launch attacks on vulnerable Java installations said he found a new zero day exploit for Microsoft's Internet Explorer web browser.

"Omg this is so cool!" Pinterest hack feeds spam to Twitter and Facebook

Another rash of account takeovers on the photo-sharing site Pinterest has spilled over onto Twitter and Facebook, as spammers take advantage of linked accounts.

XSS flaw in WordPress 3.3 - How the smallest things make testing tough


Researchers discovered a cross-site scripting flaw in WordPress 3.3 yesterday that only occurs if you ran the installation with an IP address instead of a domain name. WordPress 3.3.1 is now available to fix the vulnerability.

Weibo, China's Twitter-like service, hit by worm


A worm that broke out on Weibo exploited a cross-site scripting flaw and sent around messages claiming to link to naked photos of Fan Bingbing, romantic poetry and mobile phone spyware.