Yoast addressed a cross-site scripting vulnerability in its Google Analytics WordPress plugin that allows a hacker to store code in the WordPress administrator dashboard that executes upon viewing.
Tag Archives: XSS
Google Adds Content Security Policy Support to Gmail
Google has added another layer of security for users of Gmail on the desktop, which now supports content security policy, a standard that’s designed to help mitigate cross-site scripting and other common Web-based attacks. CSP is a W3C standard that has been around for several years, and it’s been supported in a number of browsers […]
IBM Fixes Serious Code Execution Bug in Endpoint Manager Product
IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered it said the bug could be used to compromise not […]
WordPress 4.0.1 Update Patches Critical XSS Vulnerability
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.
Drupal Patches XSS Vulnerability in Spam Module
Drupal released an update that patches a moderately critical cross-site scripting vulnerability in its Mollom content and spam moderation module.
WordPress Plugins Bogged Down with CSRF, XSS Vulnerabilities
A handful of bugs, mostly XSS and CSRF vulnerabilities, have been plaguing at least eight different WordPress plugins as of late.