Dark Reading

'Ardilla' Automatically Roots Out SQL Injection And XSS, Generates Attacks

Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications. The so-called Ardilla tool uses a technique developed by ...
Bleeping Computer

Zimbra patches zero-day vulnerability exploited in XSS attacks

Two weeks after the initial disclosure, Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers. Now ...
Searchenginejournal.com

Vulnerability Found in WordPress Anti-Malware Firewall

A popular WordPress anti-malware plugin was discovered to have a reflected cross-site scripting vulnerability. This is a type of vulnerability that can allow an attacker to compromise an administrator ...
Threat Post

Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE

A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts — with no patches in sight. An unpatched stored cross-site-scripting (XSS) ...
Bleeping Computer

WordPress custom field plugin bug exposes over 1M sites to XSS attacks

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS). The two ...
Tech Digest

Preventing Cross-Site Scripting (XSS) in React: Techniques for Front-End Defense

In today’s digital landscape, web applications are integral to our daily lives, enabling seamless interactions and transactions. However, this increased connectivity also opens the door to potential ...