ZDNet

Google tackles XSS scripting flaws with new developer tools

Google has released two new tools for developers looking to protect web domains against XSS scripting security flaws. Cross-site scripting (XSS) is a common security issue web developers face today.
Threat Post

WordPress XSS Bug Allows Drive-By Code Execution

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover. A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote ...
Business Insider

Forbes Exploited: XSS Vulnerabilities Allow Phishers to Hijack Sessions & Steal Logins

Here's another delicious Byte. Ucha Gobejishvili, a Georgian Security Researcher under the handle of longrifle0x, discovered two cross site scripting (XSS) vulnerabilities on the official website of ...
Infosecurity-magazine.com

XSS and SQL Injection Plague Several NMSes

A slew of cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities that affect several network management system (NMS) products has been uncovered. Security firm Rapid7 has released details ...
Infosecurity-magazine.com

Salesforce Patches Dangerous XSS Flaw

Salesforce.com has patched a cross site scripting flaw in a sub-domain which could have been exploited by hackers to hijack accounts or distribute malware. The vulnerability in “admin.salesforce.com” ...
TechCrunch

Skype Aware Of XSS Vulnerability In iOS Apps, “Working Hard To Fix” It

If you’re using Skype for iOS on your iPhone or iPod touch, consider yourself warned: a cross-site scripting vulnerability looms in the “Chat Message” window in version 3.0.1 and earlier versions. The ...