The Hacker News

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

"When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event ...

Hackers exploited Zimbra flaw as zero-day using iCalendar files

Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in ...
GitHub

Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
SecurityWeek

In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research

Noteworthy stories that might have slipped under the radar: Huntress research raises concerns, Google paid out $1.6 million for cloud vulnerabilities, California web browser bill. SecurityWeek’s ...
GitHub

XSS'OR - Hack with JavaScript.

Python 3 with Django 3.0.* or Python 2 with Django 1.11.* Browser http://[yourip]:8000 to enjoy. If you want to deploy it with Nginx, you can use uWSGI. If you want ...
TechSpot

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...