Articles about cross-site scripting

The Register breaking news

Hackers scalp StrongWebmail to claim cash prize

Ethical hackers are claiming a $10,000 prize for successfully breaking into the webmail account of the chief exec of StrongWebmail after the firm issued a "hack us if you can" challenge. StrongWebMail runs a callback verification system so that, in theory, even if someone obtains a user's login details they can't read email …
John Leyden, 5 Jun 2009
The Register breaking news

XSS flaws poke ridicule at entertainment industry

Cheeky crackers used a cross-site scripting flaw on the web sites of the Motion Picture Association of America (MPAA) to inject listings from controversial torrent links site The Pirate Bay. Vektor, a member of the Team Elite group of hackers, smuggled links culled from the The Pirate Bay into content served up when surfers …
John Leyden, 8 May 2009
The Register breaking news

WordPress update kyboshes XSS flaw

WordPress has fixed a cross-site scripting (XSS) flaw in its blogging software. Version 2.6.5 also addresses three unrelated performance and stability bugs with the open source package. The XSS fixed by the latest version of the software is limited to particular setups involving IP-based virtual servers running on Apache 2.x …
John Leyden, 27 Nov 2008
The Register breaking news

Opera update plugs bug brace

Opera has updated its browser to plug a pair of critical security holes. Version 9.62 of the browser fixes a vulnerability in the History Search function which creates a possible mechanism for hacker to inject code. The flaw, discovered by researcher Aviv Raff, left Opera users at risk of attack simply by visiting booby- …
John Leyden, 5 Nov 2008
The Register breaking news

Opera update draws the curtain on seven security vulns

Opera users should upgrade their browser software following the discovery of multiple security bugs. Version 9.5.2 of the Windows version of the software fixes seven vulnerabilities, including a startup crash that creates a means for hackers to inject hostile code on certain systems (details here). There's also a fix for a …
John Leyden, 21 Aug 2008
graph up

Microsoft touts trustworthy browsing with IE8

Microsoft has detailed a raft of security improvements due to appear in Internet Explorer 8. The second beta of Redmond's web browser will be packed full of features designed to thwart phishing and drive-by download attacks, Redmond explained on Wednesday. Users need to be running either Vista or Windows XP SP2 to take …
John Leyden, 3 Jul 2008
Yahoo

Yahoo! Mail! vuln! fixed!

Yahoo! has fixed a vulnerability that left users of its popular webmail service at risk of having their login credentials stolen. The cross-site scripting flaw, which allowed session IDs to be be stolen, involves the interaction between Yahoo! mail and the Yahoo! Messenger instant messaging client. The flaw was discovered in …
John Leyden, 25 Jun 2008
Cockroach

Scripting bugs blight security giants' websites

Security researchers have identified cross-site scripting (XSS) issues on the websites of three IT security heavyweights. Coding flaws on the websites of McAfee, Symantec and VeriSign create a possible mechanism for hackers to launch phishing or malware attacks, according to security watchdog XSSed. Cross-site scripting …
John Leyden, 13 Jun 2008

Create a news alert about cross-site scripting, or find more stories about cross-site scripting.

Biting the hand that feeds IT © 1998–2018