ZDNet

Stored XSS bug in Apple iCloud domain disclosed by bug bounty hunter

A stored cross-site scripting (XSS) vulnerability in the iCloud domain has reportedly been patched by Apple. Bug bounty hunter and penetration tester Vishal Bharad claims to have discovered the ...
Dark Reading

'ResumeLooters' Attackers Steal Millions of Career Records

Attackers used SQL injection and cross-site scripting (XSS) to target at least 65 job-recruitment and retail websites with legitimate penetration-testing tools, stealing databases containing more than ...
Threat Post

Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS

The issue in the Rich Reviews plugin is being actively exploited. An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored ...
Threat Post

WordPress WP Live Chat Support Plugin Fixes XSS Flaw

A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites. For the second time this month a patch has been ...
Bleeping Computer

Active XSS Attacks Targeting Amp for WP WordPress Plugin

Vulnerabilities were recently discovered in the popular AMP for WP plugin that allows any registered user to perform administrative actions on a WordPress site. It has now been discovered that an ...
Searchenginejournal.com

WordPress AMP Plugin Vulnerability Affects Up To 100,000+ Sites

A cross-site scripting (XSS) is one of the most frequent kind of vulnerability. In the context of WordPress plugins, XSS vulnerabilities happen when a plugin has a way to input data that isn’t ...