Hackaday

Exploit-Me Firefox XSS And SQL Scanning Addon

[youtube=http://www.youtube.com/watch?v=RbL2ptbjoSA&hl=en&rel=0&color1=0x3a3a3a&color2=0x999999] One of the best tools we saw at LayerOne was the Exploit-Me series ...
Threat Post

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access reservation data stored by site owners. An easy-to-exploit bug impacting the WordPress plugin ReDi ...
SecurityWeek

Russian APT Exploits Zimbra Vulnerability Against Ukraine

Russia-linked APT28 has exploited a high-severity XSS vulnerability in Zimbra in attacks against Ukrainian entities.

CISA orders feds to patch Zimbra XSS flaw exploited in attacks

CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS).
Threat Post

TweetDeck Taken Down in Wake of XSS Attacks

TweetDeck said it temporarily has taken down its services after cross-site scripting exploit code circulated today. TweetDeck services have been disabled for the time being as Twitter tries to get a ...
Dark Reading

XSS Flaw In TweetDeck Leads To Spread Of Potential Exploits

A cross-site scripting bug in Twitter's TweetDeck tool caused trouble for many users on Wednesday, and potentially opened up many other users to XSS attacks. A researcher tweeted the vulnerability ...
Infosecurity-magazine.com

Winter Vivern: Zero-Day XSS Exploit Targets Roundcube Servers

ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server. The new ...
ZDNet

TikTok patches reflected XSS bug, one-click account takeover exploit

TikTok has patched a reflected XSS security flaw and a bug leading to account takeover impacting the firm's web domain. Reported via the bug bounty platform HackerOne by researcher Muhammed "milly" ...