Cross-site scripting is a web application vulnerability which allows attackers to execute arbitrary code client-side in a victim's browser, which can lead to browser session hijacking or the theft of ...

A slew of cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities that affect several network management system (NMS) products has been uncovered. Security firm Rapid7 has released details ...

Adobe has plugged a hole in its ubiquitous Flash media player that attackers were exploiting to control services such as webmail accessed by end users. The universal XSS, or cross-site scripting, ...

A Twitter user has demonstrated a cross-site scripting (XSS) vulnerability on the microblogging platform that could allow an attacker to take over users' accounts or spread malware. An Indonesian ...

The bug would allow a number of malicious actions, up to and including full site takeover. The vulnerable plugin is installed on 100,000 websites. A stored cross-site scripting (XSS) vulnerability in ...

Finnish security researcher Jouko Pynnonen found a second stored cross-site scripting vulnerability in Yahoo Mail in less than a year, both of which earned him $10,000 bug bounties. The déjà vu is ...

Mozilla developer Michael Bebenita has released a JavaScript-based H.264 decoder that is intended to run natively in Web browsers. The decoder, which can display video at 30 frames per second on ...

Microsoft's security response team has confirmed the existence of a serious cross-site scripting (XSS) vulnerability in the Microsoft SharePoint Server 2007 product. The vulnerability, which can be ...