A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access reservation data stored by site owners. An easy-to-exploit bug impacting the WordPress plugin ReDi ...

A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. The phishing scam was first discovered by security research Daniel ...

Cross-site scripting (XSS)/SQL injection attacks have been blamed for numerous data breaches, perhaps most notably the nightmare of the Heartland Payment Systems data breach. This type of attack has ...

Adam Stone writes on technology trends from Annapolis, Md., with a focus on government IT, military and first-responder technologies. The Department of Homeland Security has warned federal agencies ...

An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA and NOAA. Although 90 days ...

Illustration by Mark Todd In May, Web security consultant George Deglin discovered a cross-site scripting (XSS) exploit that involved Facebook’s controversial Instant Personalization feature. The ...

LAS VEGAS -- WhiteHat Security today announced the availability of Jeremiah Grossman’s book – Cross-Site Scripting Attacks: XSS Exploits and Attacks. The book offers a detailed definition of the ...

ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server. The new ...

Researchers will demonstrate a lethal combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks tomorrow at Black Hat Europe in Amsterdam. The goal is to show the danger ...

Cybersecurity researchers with Flashpoint, Digital Shadows' Photon Research Team and other firms have confirmed that XSS, a popular cybercriminal forum, has outright banned ransomware sales, ...