TechNewsWorld

Web-Based Worms: How XSS Is Paving the Way for Future Malware

I first became aware of cross-site scripting (XSS) nearly a decade ago. At the time, despite being an all too prevalent bug in Web applications, the risk posed by the flaw was of limited value. It was ...
Dark Reading

Gallup Addresses XSS Bugs in Website

Editor's Note: Dark Reading has become aware that a portion of the original Checkmarx research on these vulnerabilities is in dispute, prompting us to retract sections of our reporting below. As ...
Threat Post

Reflected XSS Bug Patched in Popular WooCommerce WordPress Plugin

Automattic has patched a reflected cross-site scripting vulnerability in the WooCommerce WordPress plugin. An extension of the WooCommerce WordPress plugin, used by 28 percent of all online stores, ...
ZDNet

PayPal fixes reflected XSS vulnerability in user wallet currency converter

First disclosed on February 19, 2020, by a bug bounty hunter who goes by the name "Cr33pb0y" on HackerOne, the vulnerability is described as a "reflected XSS and CSP bypass" issue. The bug was found ...
Dark Reading

Security 101: Cross-Site Scripting

In cyber security, attention is concentrated on the new -- zero-day exploits, for example, are big news and big business. But old threats can still cause big problems for organizations, even when the ...
ZDNet

Google to remove Chrome's built-in XSS protection (XSS Auditor)

Google engineers plan to remove a Chrome security feature that has not been living up to par with the protections with was supposed to provide for years. Named XSS Auditor, the feature was added to ...