Google has created a new browser API that will help Chrome fight certain types of cross-site scripting (XSS) vulnerabilities, adding another level of protection at the browser level to keep users safe ...

Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user’s session. Verizon late last ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

DOM-based attacks are a misunderstood, serious, and pervasive source of risk in contemporary web applications. The language that drives the web, JavaScript, is easy to understand and hard to master; ...

Millions of Wordpress websites are at risk due to a vulnerability present in the default installation of the content management system. Security researcher David Dede warned on Wednesday the ...

Online ad industry moves away from once prolific ads that are now deemed insecure because of DOM-based XSS vulnerabilities. Certain types of online ads that expand, contract and pop-open aren’t just ...

In cyber security, attention is concentrated on the new -- zero-day exploits, for example, are big news and big business. But old threats can still cause big problems for organizations, even when the ...

Millions of websites running WordPress are at risk of hijacking attacks thanks to a vulnerability that is actively being exploited in the wild and is present in the default installation of the widely ...

I first became aware of cross-site scripting (XSS) nearly a decade ago. At the time, despite being an all too prevalent bug in Web applications, the risk posed by the flaw was of limited value. It was ...