SQL injection has been getting most of the attention lately, but the average SQL injection attack isn't nearly as sophisticated and difficult to pull off as a well-crafted cross-site scripting (XSS) ...

DOM-based XSS attacks exploit the trust relationships in the DOM model. Once elements are parsed by DOM, they can be trusted by other domains, and this is especially true with newer, more ...

A new type of cross-site scripting (XSS) attack that exploits commonly used network administration tools could be putting users' data at risk, a researcher says. Tyler Reguly, lead security research ...