EXPLORE: How are feds approaching zero trust? XSS vs. Cross-Site Request Forgery A variation on the XSS approach, a cross-site request forgery attack forces an end user to execute unwanted actions.

In a blog entry about the latest Gmail vulnerability, Petkov points out that web-based cross-site scripting attacks can potentially pose a more serious threat to users than conventional viruses.

After Cross Site Scripting (XSS), the second most common web application security exploit is probably one you haven’t heard of: Cross Site Request Forgery (or CSRF for short). This little-known ...

It said Cross-Site Scripting, XML External Entity Injection and Cross-Site Request Forgery were the most prevalent vulnerabilities across the board, while, for the second month in a row, the most ...

eBay is working on a fix for a cross-site request forgery problem that could allow an attacker to change a user’s password and get access to that user’s account. Read the full article. [eWEEK] ...

Cross-site scripting (XSS) is the most commonly exploited vulnerability, according to HackerOne, currently the largest platform aimed at connecting organisations with a community of white hat ...

Attackers are able to bypass the reflective cross-site scripting filter in Internet Explorer; a weakness that will not be fixed by Microsoft.

The cross-site scripting flaw could have allowed malicious code injection on the site, and could have led to visitors being redirected to a malicious site.