Threat Post

Verizon Patches XSS Issues in its Messaging Client

Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user’s session. Verizon late last ...
Pro-Linux

Sicherheit: Cross-Site Scripting in node-dompurify

It was discovered that DOMPurify, a sanitizer for HTML, MathML and SVG was susceptible to nesting-based mXSS. For the stable distribution (bookworm), this problem has been fixed in version ...
heise online

Web security: With content security policy against cross-site scripting, part 1

Cross-site scripting (XSS) remains a serious threat, even though the most commonly used front-end frameworks come with many security functions as standard. Frameworks such as React or Angular offer ...