Macworld

PayPal plugs cross-site scripting vulnerability

Editor’s Note: This story is excerpted from Computerworld. For more Mac coverage, visit Computerworld’s Macintosh Knowledge Center. Online payment provider PayPal has patched a critical cross-site ...
heise online

Web-Security: With Content Security Policy against Cross-Site Scripting, Part 2

Cross-site scripting (XSS) remains one of the most common security threats to web applications. Despite advanced protection mechanisms, attackers continue to find new ways to exploit XSS ...
Dark Reading

Cross-Site Scripting: Attackers' New Favorite Flaw

For years buffer overflow has been the favorite target of online attackers, but no more: Cross-site scripting is now the biggest culprit That's the scoop from Mitre Corp., which later this week will ...
Dark Reading

Joomla XSS Bugs Open Millions of Websites to RCE

The Joomla open source content management system (CMS) is vulnerable to multiple cross-site scripting (XSS) security vulnerabilities that could allow remote code execution (RCE). Sonar's Vulnerability ...
Bleeping Computer

Hackers steal data of 2 million in SQL injection, XSS attacks

A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site ...