A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware ...

Security consultant Benjamin Mussler last week warned that the Kindle e-book library had a cross-site scripting vulnerability. It appears Amazon previously had fixed the XSS flaw but two months ago ...

Adam Stone writes on technology trends from Annapolis, Md., with a focus on government IT, military and first-responder technologies. The Department of Homeland Security has warned federal agencies ...

Successful exploitation allows attackers to steal potentially sensitive information, change appearance of the web page, and perform phishing, spoofing and drive-by-download attacks. Users of the ...

A leading US security agency has released some timely advice designed to raise awareness about coding best practice to eliminate one of the most common classes of software vulnerability. Teaming up ...

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are urging organizations to focus on eliminating cross-site scripting vulnerabilities in ...

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover. A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote ...

Google has resolved an XSS vulnerability in Gmail described by the tech giant's own team as "awesome." On Monday, Michał Bentkowski, Chief Security Researcher at Securitum, disclosed the vulnerability ...

Adobe has released an update for Flash player to counter a cross-site scripting vulnerability, just days after its release. The vulnerability (CVE-2011-2107), rated ‘important’ by Adobe, affects Flash ...

Critical security issues caused by improper access controls in a WordPress plugin designed for GDPR cookie compliance have been resolved, but hundreds of thousands of websites may still be vulnerable ...