Dark Reading

Killer Combo: XSS + CSRF

Researchers will demonstrate a lethal combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks tomorrow at Black Hat Europe in Amsterdam. The goal is to show the danger ...
Infosecurity-magazine.com

XSS is Most Rewarding Bug Bounty as CSRF is Revived

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...
Threat Post

WordPress Fixes CSRF, XSS Bugs, Announces Bug Bounty Program

WordPress fixed six vulnerabilities with version 4.7.5 and announced a bug bounty program with HackerOne this week. WordPress is urging webmasters to update to the latest version of its content ...
ZDNet

TikTok patches reflected XSS bug, one-click account takeover exploit

TikTok has patched a reflected XSS security flaw and a bug leading to account takeover impacting the firm's web domain. Reported via the bug bounty platform HackerOne by researcher Muhammed "milly" ...
Hosted on MSN

Cross site scripting decoded how hackers turn a browser bug into a full scale breach

Cross-Site Scripting (XSS) attacks are often misunderstood as harmless glitches that display alerts in the browser, while in actuality they are one of the most powerful and malicious vulnerabilities ...
Dark Reading

CSRF Flaws Found on Major Websites

Researchers from Princeton University today revealed their discovery of four major Websites susceptible to the silent-but-deadly cross-site request forgery (CSRF) attack -- including one on ...
Bleeping Computer

Wordpress 5.1.1 Fixes XSS Vulnerability Leading to Website Takeovers

The WordPress team fixed a software flaw introduced in the 5.1 release that could allow potential attackers to perform stored cross-site scripting (XSS) attacks with the help of maliciously crafted ...