Security News

XSS Flaw in Gmail's Dynamic Email Feature Earns Researcher $5,000
2019-11-20 14:22

A researcher has earned $5,000 from Google for an interesting cross-site scripting (XSS) vulnerability found in the dynamic email feature added a few months ago to Gmail. read more

XSS security hole in Gmail’s dynamic email
2019-11-20 12:08

The bug was fixed at least a month ago so users receiving dynamic email content have one less thing to worry about.

Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS
2019-09-25 16:28

The issue in the Rich Reviews plugin is being actively exploited.

WordPress XSS Bug Allows Drive-By Code Execution
2019-09-13 20:52

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover.

WordPress 5.2.3 Patches Several XSS Vulnerabilities
2019-09-05 12:17

WordPress developers on Thursday announced the availability of version 5.2.3, a maintenance and security release that includes 29 fixes and enhancements, along with several security patches. read more

Authenticated XSS Found in WordPress Plugin Facebook Widget
2019-07-29 13:54

The WordPress plugin Facebook Widget (Widget for Facebook Page Feeds), which was recently closed on the WordPress plugin directory, is affected by an authenticated persistent Cross-Site Scripting...

Google Chrome is ditching its XSS detection tool
2019-07-18 11:52

Google's throwing in the towel on XSS Auditor and putting its trust in Trusted Types instead.

How a Big Rock Revealed a Tesla XSS Vulnerability
2019-07-16 16:18

Bug Hunter Sam Curry's Find Left Tesla Slightly Red FacedSoftware vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam...

Tesla Awards Researcher $10,000 After Finding XSS Vulnerability
2019-07-15 19:17

A researcher has earned $10,000 from Tesla after discovering a stored cross-site scripting (XSS) vulnerability that could have been exploited to obtain — and possibly modify — vehicle information....

WordPress Plugin WP Statistics Patches XSS Flaw
2019-07-05 19:27

A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover.