A dangerous new cross-site scripting attack is being called the first Web 2.0 exploit used against VoIP. Security researchers have found a way to execute cross-site scripting attacks through VoIP ...

Websites that accidentally distribute rogue code could find it harder to undo the damage if attackers exploit widespread browser support for HTML5 local storage and an increasing tendency for heavy ...

The teen, identified as Pearce Delphin, 17, detected the cross-site scripting (XSS) flaw which allowed JavaScript code to appear as plain text in tweets that could then be launched on the browsers of ...

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...

Many websites have a WYSIWYG editor. You may not even realise that you are using one, but – if you think about it – chances are that many of the sites that you visit allow you make forum posts, ...

4:14 PM -- Two new Firefox plug-ins were released last month to assist developers and security professionals in testing for cross-site scripting (XSS) and SQL injection vulnerabilities. Even though ...

Attackers exploited a vulnerability in a popular video-sharing site to hijack users’ browsers for use in a large-scale distributed denial-of-service attack, according to researchers from Web security ...

A vulnerability rated as High was recently patched in a Google Fonts optimization plugin for WordPress, allowing attackers to delete entire directories and upload malicious scripts. The vulnerability ...