From XSS to RCE: How to hijack a DotNetNuke server via a single script injection

Over 750,000 websites require patching following discovery of DotNetNuke XSS vulnerability ...
Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Bleeping Computer

Palo Alto Networks warns of firewall hijack bugs with public exploit

Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. The flaws were found in Palo Alto ...
Dark Reading

Single HTTP Request Can Exploit 6M WordPress Sites

A WordPress plug-in installed more than 6 million times is vulnerable to a cross-site scripting flaw (XSS) that allows attackers to escalate privileges and potentially install malicious code to enable ...

Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a ...
Infosecurity-magazine.com

Suspected XSS Forum Admin Arrested in Ukraine

A man suspected of administering the Russian-language cybercrime forum XSS was arrested in Ukraine on July 22. In an official statement on July 23, Laure Beccuau, a French State Prosecutor, said that ...