Articles about cross site scripting error

The Register breaking news

Mass web infections spike to 6 million pages

An estimated 5.8 million pages belonging to 640,000 websites were infected with code designed to launch malware attacks on visitors, according to a report released Tuesday. The numbers, compiled over the third quarter by security firm Dasient, represent a significant jump in the number of legitimate websites that have been …
Dan Goodin, 27 Oct 2009
The Register breaking news

Mozilla service detects insecure Firefox plugins

Mozilla has introduced a service that checks Firefox browser plugins to make sure they don't have known security vulnerabilities or incompatibilities. The service debuted on Tuesday with this page, which checks 15 plugins to make sure they're the most recent versions. Over time, Mozilla developers plan to scan additional …
Dan Goodin, 14 Oct 2009
The Register breaking news

Google shares malware samples with hacked site admins

Google has rolled out a feature that provides webmasters of compromised sites with samples of malicious code and other detailed information to help them clean up. The search giant has long scanned websites for malware while indexing the world wide web. When it detects outbreaks, it includes language in search results that …
Dan Goodin, 13 Oct 2009
The Register breaking news

Mozilla unveils cure for Web 2.0 world run amok

The Mozilla Foundation has unveiled an early version of its Firefox browser that it says could virtually eliminate one of the most common attack forms now menacing the web. It implements an inchoate technology the foundation calls CSP, short for the Content Security Policy specification. It allows web developers to embed a …
Dan Goodin, 3 Oct 2009
The Register breaking news

Google (finally) adds protection for common Web 2.0 attack

Google has beefed up the security of Gmail and its other services by adding a feature to login pages that blocks one of the more common forms of web attacks. The upgrade is designed to protect against CSRF, or cross-site request forgery, attacks. The technique subverts basic website defenses by exploiting the often-misplaced …
Dan Goodin, 2 Oct 2009
The Register breaking news

Email-stealing worm slithers across LiveJournal

LiveJournal's security team has disabled some media features on the blogging site after a quick-spreading worm stole user email addresses and caused entries designated as private to be available to everyone. The self-propagating exploit spread to users who were logged in and did nothing more than view a LiveJournal posting …
Dan Goodin, 23 Sep 2009
The Register breaking news

Hardware biz issued trojan-laced drivers, says researcher

A maker of hardware for computer gamers has taken its support site offline following a report that it was surreptitiously distributing malware on its downloads section. Carlsbad, California-based Razer took the precautionary move after Rik Ferguson, a senior security adviser in Europe with anti-virus firm Trend Micro, warned …
Dan Goodin, 21 Sep 2009
The Register breaking news

Apple security lags (again) with critical Java patches

Comment: Apple is once again playing security catch-up to the rest of the computing world, this time with an update for the Leopard version of its Mac operating system that patches critical holes in Java that were fixed on competing systems 29 days ago. The patch updates Leopard to Java versions 1.6.0_15, 1.5.0_20, and 1.4.2_22, which …
Dan Goodin, 4 Sep 2009
The Register breaking news

UK Parliament website hack exposes shoddy passwords

Updated: A vulnerability in the website of the UK Parliament appears to be exposing confidential information, including unencrypted login credentials, a Romanian hacker wrote on his blog. The SQL injection vulnerability is on this page, the hacker, who goes by the moniker Unu, told The Register. By tacking database commands onto the …
Dan Goodin, 1 Sep 2009
The Register breaking news

Buggy home routers expose O2 customers to hijacking

Updated: If you get your internet service from O2, there's a good chance Paul Mutton can remotely log in to your router and make configuration changes that surreptitiously allow him to access computers on your network. That's because the UK-based ISP offers its customers free customized routers that are vulnerable to CSRF, or cross- …
Dan Goodin, 1 Sep 2009
The Register breaking news

Twitter botches patch for nasty account-hijacking bug

For the past 24 hours, Twitter engineers have been fighting a gaping hole that makes it easy for hackers to hijack the accounts of users who do nothing more than view a booby-trapped message. So far, the hole is winning. The XSS, or cross-site scripting, bug resides in an application programming interface Twitter provides to …
Dan Goodin, 26 Aug 2009
The Register breaking news

Baby-roasting BBQ pulled from Sears site

In a blunder that might top the Baby Shaker app on Apple's App Store, retailing giant Sears.com has been caught offering a Bar-B-Que grill specially designed to roast infants and other human morsels. The ad, which was spotted earlier by celebrity news site TMZ, showed a Kenmore natural-gas grill with five burners. A caption …
Dan Goodin, 21 Aug 2009
The Register breaking news

Security bugs crawl all over financial giant’s website

For the past five months, a website for investment services giant Ameriprise Financial contained bugs that allowed even low-level criminals to inject malicious content into official company webpages and steal users' cookies, according to a web security expert. The XSS, or cross-site scripting, flaws made it possible for …
Dan Goodin, 20 Aug 2009
channel

Adobe patches 'critical' flaws in ColdFusion, JRun

Adobe Systems has released updates that patch vulnerabilities in two widely used web development applications, several of which let attackers steal sensitive data or take complete control of users' machines. In all, the patches fix seven flaws in versions 8.0.1 and earlier of ColdFusion and JRun 4.0. The most serious of them …
Dan Goodin, 18 Aug 2009
The Register breaking news

Hacktivist vuln still plagues UN.org

The official website of the United Nations has yet to fix a vulnerability that more than two years ago allowed hacktivists to replace official content with their own activist messages. According to Errata Security CEO Rob Graham, the same SQL injection flaw that plagued the site in August of 2007 remains unfixed now. It's …
Dan Goodin, 14 Aug 2009
The Register breaking news

WordPress bug resets admin password

This story was updated to correct details of the bug. It allows attackers to reset passwords, but not take over accounts. Developers of the widely used WordPress blogging software have released an update that fixes a vulnerability that let attackers reset the administrator password. The bug in version 2.8.3 is trivial to …
Dan Goodin, 12 Aug 2009
The Register breaking news

US civil liberties gang questions Obama cookie plan

A proposal to loosen restrictions on the use of tracking cookies by federal government websites should be carefully scrutinized so they don't jeopardize the privacy of people who visit them, groups advocating civil liberties warned Monday. The American Civil Liberties Union said the proposal, floated July 24 by the White House …
Dan Goodin, 11 Aug 2009
The Register breaking news

cPanel, Netgear and Linksys susceptible to nasty attack

Defcon: If you use cPanel to administer your website or certain Linksys or Netgear devices to route traffic over your wireless network, you're susceptible to web-based attacks that could take complete control of your systems, two security researchers said Saturday. All three wares contain CSRF, or cross-site request forgery, holes …
Dan Goodin, 2 Aug 2009
