cross-site scripting
Despite COVID-19 pandemic, Imperva reports number of vulnerabilities decreased in 2020
Imperva’s report, The State of Vulnerabilities in 2020, has revealed that unlike in previous years, researchers observed a fall in the number of vulnerabilities last year, even as businesses were compelled to ...
Bugcrowd Report Shows Marked Increase in Crowdsourced Security
The impact of the novel coronavirus pandemic on how enterprises work—and secure their workers and data—will last for years. And while the long-term ramifications are yet to be known, a recent survey ...
Nexus Intelligence Insights: CVE-2019-3773 Spring Web Services XML External Entity Injection (XXE)
Spring, a widely used component, makes programming multiple things in Java easier, faster, and safer. The project’s focus on speed, simplicity, and productivity has made it one of the world's most popular ...
Transforming Self-XSS Into Exploitable XSS
Security researcher Brian Hyde was accepted into Synack Red Team's private bug bounty platform and discovered a Reflected XSS vulnerability in one of their programs. The difficulties he faced in exploiting this ...
Fortnite Attack Allowed Taking Over Player Accounts
Security researchers have found several vulnerabilities in the online game Fortnite that could have allowed hackers to break into player accounts, access their personal information, buy in-game currency with the linked credit ...
SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution
Vulnerabilities Summary: The following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attacker perform an XSS attack that leads to remote code execution as root. SME Server is a ...
WordPress 5.0 Gets Security Patch a Week After Release
Only a week has passed since the release of WordPress 5.0—a new major version codenamed “Bebo”—and the WordPress team has already pushed out a security update for it. WordPress 5.0.1, released Dec ...
Magecart Injects Skimmer Code in Customer Rating Widget
The groups of attackers who specialize in injecting payment card skimmer code called Magecart into online shops managed to compromise a third-party customer rating plugin called Shopper Approved that’s used by thousands ...
Bug bounty payouts double in 2018; India reports the most bugs while U.S. wins highest payouts
Some of the biggest players in various industries have turned to the crowdsourced security model – white hat-driven bug bounty programs – in a race to identify emerging vulnerabilities before the black ...
Hackers Infect Magento Shops With Malware Through Extension Flaw
Attackers are breaking into online shops built with Magento by exploiting a known cross-site scripting vulnerability within a popular extension used by merchants for customer support. A successful compromise results in malware ...