Threat Post

XSS, CSRF Vulnerabilities identitified in WSO2 Identity Server

A handful of vulnerabilities have been identified in WSO2 Identity Server that could lead to takeover, firewall bypass, and potentially open subsequent internal servers up to further attacks. A ...
Infosecurity-magazine.com

XSS is Most Rewarding Bug Bounty as CSRF is Revived

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...
Threat Post

WordPress Plugins Bogged Down with CSRF, XSS Vulnerabilities

A handful of bugs, mostly XSS and CSRF vulnerabilities, have been plaguing at least eight different Wordpress plugins as of late. A smattering of bugs, mostly cross-site scripting (XSS) and cross-site ...
CSOonline

Threat Watch: Cross Site Request Forgery (CSRF)

After Cross Site Scripting (XSS), the second most common web application security exploit is probably one you haven’t heard of: Cross Site Request Forgery (or CSRF for short). This little-known but ...
Dark Reading

Twitter Attack An XSS Wake-Up Call

The high-profile attack that hit the Twitter website early this morning and affected tens to hundreds of thousands of Twitter users serves as a reminder of just how the pervasive but often-dismissed ...
Dark Reading

FireHost Q3 Web Application Report -- XSS Attacks Lead Pack As Most Frequent Attack Type

London, UK – October 22, 2012 – Secure cloud hosting company, FireHost, has today announced the findings of its latest web application attack report, which provides statistical analysis of the 15 ...
Bleeping Computer

Wordpress 5.1.1 Fixes XSS Vulnerability Leading to Website Takeovers

The WordPress team fixed a software flaw introduced in the 5.1 release that could allow potential attackers to perform stored cross-site scripting (XSS) attacks with the help of maliciously crafted ...