Network World

New cross-site scripting attack targets VoIP

A dangerous new cross-site scripting attack is being called the first Web 2.0 exploit used against VoIP. Security researchers have found a way to execute cross-site scripting attacks through VoIP ...
CRN

Twitter Site Update Opened Hole For 'onMouseOver' XSS Attack

The teen, identified as Pearce Delphin, 17, detected the cross-site scripting (XSS) flaw which allowed JavaScript code to appear as plain text in tweets that could then be launched on the browsers of ...
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Computerworld

How to defeat the new No. 1 security threat: cross-site scripting

Cross-site scripting, often abbreviated XSS, is a class of Web security issues. A recent research report stated that XSS is now the top security risk. In a typical XSS scenario, a Web page might use ...