Bleeping Computer

Undisclosed Apache Velocity XSS vulnerability impacts GOV sites

An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA and NOAA. Although 90 days ...
Dark Reading

Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw

Cross-site scripting (XSS) errors that allow attackers to inject malicious code into otherwise benign websites continue to be the most common web application vulnerability across organizations. Bug ...
Searchenginejournal.com

WordPress Stored XSS Vulnerability – Update Now

WordPress announced a security update to fix two vulnerabilities that could provide an attacker with the opportunity to stage a full site takeover. Among the two vulnerabilities, the most serious one ...
Dark Reading

Microsoft Azure HDInsight Plagued With XSS Vulnerabilities

Microsoft, already under scrutiny for its cloud security practices, recently patched as many as eight severe vulnerabilities in various Apache services in Azure HDInsight — the software giant's ...
Searchenginejournal.com

Vulnerability Found In WordPress Gutenberg Plugin?

The United States government’s National Vulnerability Database published a notification of a vulnerability discovered in the official WordPress Gutenberg plugin. But according to the person who found ...
WeLiveSecurity

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research has been closely tracking the cyberespionage operations of Winter Vivern for more than a year and, during our routine monitoring, we found that the group began exploiting a zero-day XSS ...