Filter Results
Click on a filter below to refine your search.
Your search for cross-site scripting returned 134 results.
Hint: If you don't want the words you enter to be searched for separately, use quotation marks to find people or exact phrases. See our Search Help section for more hints.
News
Adobe has confirmed a vulnerability in its widely used Reader and Acrobat products, and is recommending users disable JavaScript to stay protected.
April 29, 2009
News
Twitter was struck by a particularly nasty cross-site scripting worm over the weekend, again bringing to light the threat of client-side attacks across social networking sites.
April 13, 2009
News
The case was dismissed because the plaintiff could not prove that his information was actually used fraudulently following the breach of a pharmacy benefit management provider.
December 04, 2009
Brief
Opera Software on Monday issued Opera 10.10 (Opera Unite) which fixes an "extremely severe" heap buffer overflow vulnerability that could cause the browser to freeze or terminate or lead to a crash that could be used to execute code, Opera said. The updated browser also fixes a separate "highly severe"...
November 23, 2009
Brief
Sun has patched for several vulnerabilities in its Java System Identity Manager. Rated "highly critical" by vulnerability tracking service Secunia, the flaws impact versions 7 and 8. The bugs could be exploited to allow for security bypass, cross-site scripting, data manipulation, information exposure, privilege escalation and system access,...
March 24, 2009
Brief
Apple on Wednesday released an update for its Safari browser. Version 4.0.2 is available for the Mac OS X and Windows operating systems. The update addresses two vulnerabilities in WebKit, which could potentially enable cross-site scripting attacks, arbitrary code execution, or cause unexpected application termination when visiting a...
July 08, 2009
News
Hundreds of thousands of members of a pharmacy benefit management firm may have had their information exposed to extortionists.
October 01, 2009
Brief
Blogging platform WordPress on Thursday pushed out an updated version to resolve two security vulnerabilities, the company's lead developer, Ryan Boren, said in a blog post. Version 2.8.6 fixes a cross-site scripting vulnerability in Press This, a WordPress bookmarklet, as well as a bug related to sanitizing uploaded...
November 13, 2009
News
A vulnerability in Google's Gmail that enables cross-site request forgery (CSRF) attacks has been recognized since 2007, but a proof-of-concept (PoC) was just released Tuesday.
March 04, 2009
News
Reddit is the latest Web 2.0 site to be slowed by a cross-site scripting attack.
September 28, 2009
News
A cross-site scripting vulnerability affecting the Pentagon website is not a major security threat -- but it could turn into one, said a researcher who examined the bug.
December 08, 2009
News
Firefox has fixed a zero-day JavaScript bug -- which was being exploited in the wild -- that could have resulted in malware infection.
July 17, 2009
News
A new version of the Opera browser closes several security holes that could have enabled an attacker to execute arbitrary code or launch cross-domain scripting attacks.
March 03, 2009
News
In the latest wave of Gumblar attacks, the backdoor script being used to infect sites has been causing some WordPress blogs and other PHP-based sites to crash, security researchers have warned.
November 06, 2009
Brief
A new version of the popular web browser Firefox (3.0.9) addresses multiple vulnerabilities, such as POST data being sent to the wrong site when saving web pages, allowing malicious search plug-ins to inject code into arbitrary sites, and cross-site scripting hazards when using third-party stylesheets. Exploitation...
April 22, 2009
Product Review
Ounce 6 provides static source code security analysis. It will analyze any application written in C/C++, Java/JSP, .NET (C#, VB .NET, ASP.NET), Classic ASP (VBScript, JavaScript) and Visual Basic 6.
May 01, 2009
Brief
The vulnerability research team at intrusion prevention systems provider Sourcefire has pushed out a "homebrew" patch for the dangerous Adobe Acrobat and Reader vulnerability, which is being leveraged in active exploits. The fix only works for version 9 of the popular software, so users are advised to upgrade to the...
February 23, 2009
Brief
The official release of Internet Explorer 8 is scheduled to be available at noon EST on Thursday. The new browser "offers leading-edge security features," including a cross-site scripting filter, clickjacking prevention, and per-site ActiveX, which enables users and administrators to manage where an ActiveX Control can run,...
March 19, 2009
Brief
The Koobface worm, which previously had mainly affected MySpace and Facebook, is now infiltrating Twitter, Kaspersky Lab researchers said Tuesday. Infected accounts sent tweets containing a link to a URL that masqueraded as a video site, but actually contained malicious JavaScript. Mac or Linux users who clicked on...
July 14, 2009
Brief
Google on Tuesday issued a new version of its browser, Chrome 3.0. The release, which comes on the heels of the browser's first birthday, fixes two security vulnerabilities. The bugs, one classified as "high" severity and other as "medium," could enable an attacker to inject JavaScript into a website....
September 16, 2009