An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam.
Tag: cross-site scripting
Post Grid WordPress Plugin Flaws Allow Site Takeovers
Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its regularly scheduled patches.
Bug in Google Maps Opened Door to Cross-Site Scripting Attacks
A researcher discovered a cross-site scripting flaw in Google Maps' export function, which earned him $10,000 in bug bounty rewards.
Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
The cross-site scripting flaw could enable arbitrary code execution, information disclosure - and even account takeover.
Newsletter WordPress Plugin Opens Door to Site Takeover
Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes
With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com - and why they are the “holy grail” for attackers.
Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft
Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup “Groups.”
Attackers Target 1M+ WordPress Sites To Harvest Database Credentials
An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials.
Login with Facebook Bug Earns $20K Bounty
The cross-site scripting vulnerability could have allowed trivial account takeover.
Open source bugs have soared in the past year – Naked Security
Open source bugs have skyrocketed in the last year, according to a report from open source licence management and security software vendor WhiteSource. The number of open source bugs sat steady at just over 4,000 […]
XSS plugin vulnerabilities plague WordPress users – Naked Security
Thousands of active WordPress plugins have been hit with a swathe of cross-site scripting (XSS) vulnerabilities that could give attackers complete control of sites. One of the affected plugins was designed to work with the […]
Cookie-nabbing app could have served users side helping of XSS – Naked Security
A popular GDPR compliance WordPress plugin vendor has patched a flaw that rendered both site visitors and admins vulnerable to cookie-stealing cross-site scripting (XSS) attacks. The GDPR Cookie Consent plugin, created by WebToffee, claims over […]
Critical Flaws in Magento e-Commerce Platform Allow Code-Execution
Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others.