Tags » XSS

XSS Vulnerability in the Settings of AtMailOpen open source software

12 days ago, I found an XSS vulnerability in the Display Name field of the Settings functionality of the AtMailOpen open source software. This security bug helps any attacker inject malicious scripts to be stored on the server.

Security Bug

Check your Logs - You May Be an Attack Platform

TL;DR: Millions of domains on the web use wildcard DNS records as “catch-alls” for all subdomains of their parent domain. When combined with a Cross-Site Scripting (XSS) flaw, this allows remote attackers to use these sites to launch convincing XSS-based spear phishing attacks that appear to source from these domains.

Security Info

Self-XSS Vulnerability on "data-text" attribute in edit comment functionality of WordPress 4.3.1

Nearly two weeks ago, I found a Self-XSS vulnerability in the “data-text” attribute of the edit-timestamp feature of the edit comment functionality of WordPress 4.3.1. This security bug helps any attacker abuse any user into injecting malicious scripts and code into the DOM console.

Security Bug

Data types and web specific test cheat sheet

Data types

■ Long name(>255 chars) ■ Special characters in name(space * ? / \ | < > , . ( ) [ ] { } ; : ‘ “ !


This Week in Exploits: What Are XSS Vulnerabilities? Part 1

In the world of websites, hackers have a variety of tools to intrude on people’s domains. These hacks, which take advantage of vulnerabilities in a site’s code, are categorized by projects like the…


XSS Vulnerability on closeText option of Dialog jQuery UI 1.11.4

Nearly a month ago, I found an XSS vulnerability in the closeText option of the dialog component of the latest jQuery UI version, 1.11.4. This security bug helps any attacker inject malicious scripts and code into any web page using jQuery UI.

Security Bug