Discovered by Bishop Fox security consultant Chris Davis and publicly disclosed on Wednesday, the bug, tracked as CVE-2021-28114, impacts Froala version 3.2.6 and earlier. Froala is a lightweight What ...

First disclosed on February 19, 2020, by a bug bounty hunter who goes by the name "Cr33pb0y" on HackerOne, the vulnerability is described as a "reflected XSS and CSP bypass" issue. The bug was found ...

A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. The phishing scam was first discovered by security research Daniel ...

A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware ...

TweetDeck said it temporarily has taken down its services after cross-site scripting exploit code circulated today. TweetDeck services have been disabled for the time being as Twitter tries to get a ...

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...

The high-profile attack that hit the Twitter website early this morning and affected tens to hundreds of thousands of Twitter users serves as a reminder of just how the pervasive but often-dismissed ...

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are urging organizations to focus on eliminating cross-site scripting vulnerabilities in ...

A leading US security agency has released some timely advice designed to raise awareness about coding best practice to eliminate one of the most common classes of software vulnerability. Teaming up ...

An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam. A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-support ...