Tags » XSS
TL;DR: Millions of domains on the web use wildcard DNS records as “catch-alls” for all subdomains of their parent domain. When combined with a Cross-Site Scripting (XSS) flaw, this allows remote attackers to use these sites to launch convincing XSS-based spear phishing attacks that appear to source from these domains.
Nearly two weeks ago, I found a self-XSS vulnerability in the “data-text” attribute of the edit-timestamp feature of the edit comment functionality of WordPress 4.3.1. This security bug could help an attacker abuse any user into injecting malicious scripts and code into the DOM console.
This fix by the team at LinkedIn is worth noting if for no other reason than the speed to resolution.
In the world of websites, hackers have a variety of tools to intrude on people’s domains. These hacks, which take advantage of vulnerabilities in a site’s code, are categorized by projects like the…
Nearly a month ago, I found an XSS vulnerability in the closeText option of the dialog component of the latest jQuery UI version, 1.11.4. This security bug could help any attacker inject malicious scripts and code into any web page using jQuery UI.