Dark Reading

Killer Combo: XSS + CSRF

Researchers will demonstrate a lethal combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks tomorrow at Black Hat Europe in Amsterdam. The goal is to show the danger ...
Infosecurity-magazine.com

XSS is Most Rewarding Bug Bounty as CSRF is Revived

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...
Dark Reading

CSRF Flaws Found on Major Websites

Researchers from Princeton University today revealed their discovery of four major Websites susceptible to the silent-but-deadly cross-site request forgery (CSRF) attack -- including one on ...
ZDNet

TikTok patches reflected XSS bug, one-click account takeover exploit

TikTok has patched a reflected XSS security flaw and a bug leading to account takeover impacting the firm's web domain. Reported via the bug bounty platform HackerOne by researcher Muhammed "milly" ...
Infosecurity-magazine.com

TikTok Patches Bugs Enabling One-Click Account Takeover

TikTok has patched two common types of vulnerability which a researcher combined to create a “one-click” account takeover attack. Submitted by Muhammed Taskiran via HackerOne back on August 26, the ...
Searchenginejournal.com

WordPress Security Release Fixes 16 Vulnerabilities

WordPress released a security update to fix sixteen vulnerabilities, recommending that sites be updated immediately. The security notice did not offer a description of the severity of the ...
Bleeping Computer

Wordpress 5.1.1 Fixes XSS Vulnerability Leading to Website Takeovers

The WordPress team fixed a software flaw introduced in the 5.1 release that could allow potential attackers to perform stored cross-site scripting (XSS) attacks with the help of maliciously crafted ...