Search the Community
Showing results for tags 'xss vulnerability'.

mood posted a topic in Security & Privacy News
Stored XSS Vulnerability on iCloud.com Earned Researcher $5,000
A bug bounty hunter claims he has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. Vishal Bharad, a researcher and penetration tester from India, published a blog post earlier this week describing his findings. Bharad said he had attempted to find cross-site request forgery (CSRF), insecure direct object reference (IDOR), logic bugs and other types of issues on Apple’s icloud.com website, but ultimately ended up discovering a stored XSS flaw.

mood posted a topic in Security & Privacy News
Third mutation XSS bug patched in Mozilla Bleach library
Bleach, a Python library that enables web developers to clean HTML input and prevent cross-site scripting (XSS) attacks, was itself found to have an XSS vulnerability, according to an advisory posted on GitHub by Mozilla, the library’s developer. Mozilla Bleach escapes and removes characters that can otherwise lead to the execution of arbitrary code when rendered on a browser. As of this writing, more than 100,000 GitHub repositories depend on Bleach. The vulnerability, discovered by resea

mood posted a topic in Security & Privacy News
Undisclosed Apache Velocity XSS vulnerability impacts GOV sites
An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA and NOAA. Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project. Apache Velocity is a Java-based template engine used by developers for designing views in a Model-View-Controller (MVC) architecture. Velocit