Computerworld

New cross-site scripting attack targets VoIP

Security researchers have found a way to execute cross-site scripting attacks through VoIP clients, introducing a dangerous new threat almost no one is guarding against, according to vendor Secure ...

Instructure confirms hackers used Canvas flaw to deface portals

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login ...

Microsoft warns of Exchange zero-day flaw exploited in attacks

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...
ExtremeTech

Steam patches flaw that exposed user profiles to drive-by attacks

Yesterday, news broke that Steam was affected by a cross-site scripting vulnerability that could compromise Steam account safety or be used to steal user data. The problem has since been corrected, ...
Ars Technica

Help me understand cross-site scripting

I'm studying JavaScript for a class, and I'm stuck on understanding Cross-Site Scripting, what it is, and how to prevent it. Let me know if the concepts below are correct. Cross-site scripting ...