A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to ICS-CERT.
Tag Archives: cross-site scripting
Critical Flaws in Magento leave Millions of E-Commerce Sites at Risk
If you are using Magento to run your e-commerce website, it’s time for you to update the CMS (content management system) now.
Millions of online merchants are at risk of hijacking attacks due to a number of critical cross-site scripting (XSS) vulnerabilities in Magento, the most popular e-commerce platform, owned by eBay.
Why Are the Bugs So Serious?
Virtually all versions of
Critical Yahoo Mail Flaw Patched, $10K Bounty Paid
A researcher earned a $10,000 bounty from Yahoo for a stored cross-site scripting vulnerability in Yahoo Mail.
Simple Yet Effective eBay Bug Allows Hackers to Steal Passwords
A simple yet effective flaw discovered on eBay’s website exposed hundreds of millions of its customers to an advanced phishing attack.
An independent security researcher reported a critical vulnerability to eBay last month that could allow hackers to host a fake login page, i.e. a phishing page, on the eBay website in an effort to steal users’ passwords and harvest credentials
Critical Flaws Found in Network Management Systems
Rapid7 has reported and disclosed a half-dozen XSS and SQL injection flaws in popular network management systems, all of which can be reached via SNMP.
LinkedIn Fixes Persistent XSS Vulnerability
LinkedIn fixed a persistent cross-site scripting vulnerability in its site this week that could have spread a worm on the service’s help forums.
WordPress Jetpack Plugin Patched Against Stored XSS Vulnerability
The popular Jetpack WordPress plugin was updated this week in order to patch a critical stored cross-site scripting vulnerability.
WordPress Patches Serious Shortcodes Core Engine Vulnerability
WordPress upgraded to 4.3.1, patching a pair of vulnerabilities in the core engine, including a cross-site scripting issue enabled by a vulnerability in shortcodes.
Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications
Netflix released Sleepy Puppy, a cross-site scripting payload management framework, to open source. The tool finds XSS vulnerabilities in secondary applications.
Salesforce Patches XSS on a Subdomain
Salesforce.com patched a cross-site scripting vulnerability on one of its domains that could have led to phishing attacks.