Security News

WordPress 4.2.3 released, addresses critical XSS vulnerability (SC Magazine)
2015-07-23 20:29

WordPress Patches Critical XSS Vulnerability in All Builds (Threatpost)
2015-07-23 17:08

WordPress rolled out a new version of its content management system this morning that addresses a nasty cross-site scripting (XSS) vulnerability that could ultimately lead to site compromise.

TotoLink Routers Plagued By XSS, CSRF, RCE Bugs (Threatpost)
2015-07-16 16:53

A slew of routers manufactured in China are fraught with vulnerabilities, some which have existed in products for as long as six years.

LifeLock Patches XSS That Could’ve Led to Phishing (Threatpost)
2015-07-01 15:48

Researchers identified a cross-site scripting vulnerability in a page on the LifeLock website that could allow an attacker to create an authentic-looking login page for the service and harvest...

Stored XSS Flaw Patched in Thycotic Secret Server (Threatpost)
2015-06-25 16:07

Thycotic, a maker of access-control and other security products, has patched a stored cross-site scripting vulnerability in one of its products that could enable an attacker to steal a victim's...

How to Prevent XSS Vulnerabilities in PHP (Reddit)
2015-06-17 00:11

Popular WordPress SEO Plugin Fixes XSS Bug (Threatpost)
2015-06-15 14:00

The Yoast WordPress SEO plugin, which has been downloaded more than 14 million times, has a serious cross-site scripting vulnerability that can allow an attacker to force a vulnerable site to...

XSS flaw exposed in IBM Domino enterprise platform (ZDNet)
2015-06-01 10:11

Synology Fixes XSS, Command Injection Vulnerabilities in NAS Software (SecurityWeek)
2015-05-26 13:11

XSS, CSRF Vulnerabilities identitified in WSO2 Identity Server (Threatpost)
2015-05-13 18:45

A handful of vulnerabilities have been identified in WSO2 Identity Server that could lead to takeover, firewall bypass, and potentially open subsequent internal servers up to further attacks.