CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS).

A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access reservation data stored by site owners. An easy-to-exploit bug impacting the WordPress plugin ReDi ...

A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. The phishing scam was first discovered by security research Daniel ...

LAS VEGAS -- WhiteHat Security today announced the availability of Jeremiah Grossman’s book – Cross-Site Scripting Attacks: XSS Exploits and Attacks. The book offers a detailed definition of the ...

Researchers will demonstrate a lethal combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks tomorrow at Black Hat Europe in Amsterdam. The goal is to show the danger ...

Google has created a new browser API that will help Chrome fight certain types of cross-site scripting (XSS) vulnerabilities, adding another level of protection at the browser level to keep users safe ...

Cross-site scripting (XSS)/SQL injection attacks have been blamed for numerous data breaches, perhaps most notably the nightmare of the Heartland Payment Systems data breach. This type of attack has ...

ESET Research has discovered a significant cybersecurity threat as the Winter Vivern group exploited a zero-day cross-site scripting (XSS) vulnerability in the Roundcube Webmail server. The new ...