#XSS

Offensive Sequence

@offseq.bsky.social

6 hours ago

CVE-2026-4169: Cross Site Scripting in Tecnick TCExam CVE-2026-4169 is a cross-site scripting vulnerability identified in the Tecnick TCExam application, affecting versions 16.0 through 16.6.0. The vulnerability resides in the F_xml_export_users function of the admin/code/tce_xml_users.php fil

Tecnick TCExam (16.0 – 16.6.0) hit by MEDIUM XSS (CVE-2026-4169) in XML export. Admins: upgrade to 16.6.1, restrict admin access, & audit logs. Details: radar.offseq.com/threat/cve-2026-4169-cro... #OffSeq #XSS #PatchNow

Hasamba

@hasamba72.bsky.social

1 day ago

Sec-Context: exhaustive anti-pattern reference for LLM-generated code (breadth ~65K tokens, depth ~100K tokens). Highlights dependency squatting, XSS, hardcoded secrets and proposes a review agent approach. #XSS #LLM #dependency_squatting https://bit.ly/3PmM9WR

Offensive Sequence

@offseq.bsky.social

1 day ago

CVE-2026-32626: CWE-79: Improper Neutralization of Input During Web Page Generat CVE-2026-32626 is a critical security vulnerability affecting AnythingLLM Desktop versions 1.11.1 and earlier, developed by Mintplex-Labs. The vulnerability is classified as CWE-79, an improper neutralization of input during web page genera

Critical XSS in AnythingLLM Desktop ≤1.11.1 (CVSS 9.7) enables remote code execution via chat input. Patch ASAP or restrict chat & secure Electron configs. Stay protected! radar.offseq.com/threat/cve-2026-32626-cw... #OffSeq #Security #XSS

Edmond

@edm0nd.bsky.social

1 day ago

GitHub - spmedia/Threat-Actor-Usernames-Scrape: A collection of intel and usernames scraped from various cybercrime sources & forums. DarkForums, HackForums, Patched, Cracked, BreachForums, LeakBase, ... A collection of intel and usernames scraped from various cybercrime sources & forums. DarkForums, HackForums, Patched, Cracked, BreachForums, LeakBase, XSS, Dread, & more - spmedia/Threat-A...

500k+ threat actor usernames atm and quickly growing.

Should be able to hit 1M+ in 2026 :)

#cti #threatintel #osint #infosec #cybersecurity #hacking #threatactors #usernames #darkforums #hackforums #dread #oguser #xss #darknetarmy #ogu #leakbase #breachstars

github.com/spmedia/Thre...

The Daily Tech Feed

@thedailytechfeed.com

1 day ago

GitLab releases critical security updates addressing XSS and DoS vulnerabilities. Admins urged to update to versions 18.9.2, 18.8.6, or 18.7.6 immediately. #GitLab #CyberSecurity #XSS #DoS Link: thedailytechfeed.com/gitlab-issue...

DanQ.me

@blog.m.danq.me.ap.brid.gy

2 days ago

[Article: Why Security Engineering needs a Hacker Mentality]

Security engineering is about a lot of things, but the best security engineers show the 'hacker mindset' characteristics of curiosity and imagination. Here's an example of how I found an XSS vulnerability in a forum, mostly by […]

@muhammaduzairkhan.bsky.social

4 days ago

Found Reflected XSS on a bug bounty target 🎯

Payload:

<img src=x onerror=prompt(/XSS/)>

Reported responsibly ✅

#BugBounty #XSS #InfoSec

Mozilla

@mozilla.activitypub.awakari.com.ap.brid.gy

4 days ago

Goodbye innerHTML, Hello setHTML The new .setHTML() method in JavaScript, part of the Sanitizer API, can be a one-to-one replacement for .innerHTML(), making sites more secure from XSS attacks. I t...

#The #Beat #JavaScript #Sanitizer #API #XSS

Origin | Interest | Match

Offensive Sequence

@offseq.bsky.social

5 days ago

CVE-2026-1261: CWE-79 Improper Neutralization of Input During Web Page Generatio CVE-2026-1261 is a stored Cross-Site Scripting (XSS) vulnerability identified in the MetForm Pro plugin for WordPress, specifically affecting the Quiz feature in all versions up to 3.9.6. The root cause is insufficient sanitization of user

MetForm Pro for WordPress hit by HIGH-severity stored XSS (all versions, Quiz feature). Unauthenticated attackers can inject scripts. Disable Quiz & monitor for patches now. radar.offseq.com/threat/cve-2026-1261-cwe... #OffSeq #WordPress #XSS

Offensive Sequence

@offseq.bsky.social

5 days ago

CVE-2026-30862: CWE-79: Improper Neutralization of Input During Web Page Generat CVE-2026-30862 is a critical stored Cross-Site Scripting (XSS) vulnerability identified in the Appsmith platform, a tool used for building admin panels, internal tools, and dashboards. The vulnerability exists in the Table Widget (TableWidg

CRITICAL: Appsmith <1.96 has a stored XSS flaw (CVE-2026-30862) in TableWidgetV2. Admin account takeover possible via 'Invite Users'. Upgrade to 1.96+ now! radar.offseq.com/threat/cve-2026-30862-cw... #OffSeq #XSS #Appsmith

EsGeeks

@esgeeks.bsky.social

5 days ago

Guía de DalFox: Domina el Escáner XSS para Pentesting Descubre DalFox, la herramienta de pentesting esencial para encontrar vulnerabilidades XSS. Una guía paso a paso en su instalación y uso.

¿Listo para cazar vulnerabilidades XSS? 🦊 Te guiamos paso a paso para dominar DalFox, el escáner XSS que necesitas en tu arsenal de pentesting. #DalFox #XSS #Pentesting #Ciberseguridad

Offensive Sequence

@offseq.bsky.social

1 week ago

CVE-2026-1074: CWE-79 Improper Neutralization of Input During Web Page Generatio CVE-2026-1074 is a stored cross-site scripting (XSS) vulnerability identified in the WP App Bar plugin for WordPress, affecting all versions up to and including 1.5. The root cause is insufficient input sanitization and output escaping of t

🚨 High-severity XSS in WP App Bar plugin (all versions). Unauthenticated attackers can inject scripts, risking admin credentials. Disable or patch ASAP! radar.offseq.com/threat/cve-2026-1074-cwe... #OffSeq #WordPress #XSS

The Daily Tech Feed

@thedailytechfeed.com

1 week ago

Critical XSS vulnerability (CVE-2026-27970) found in Angular i18n! Developers must update immediately to prevent malicious code execution. #Angular #CyberSecurity #XSS #WebDevelopment Link: thedailytechfeed.com/high-severit...

Marduk

@marduk-james.bsky.social

1 week ago

Context Is Everything: A Practical Guide to XSS Understanding XSS Using Five Portwigger Labs.

A breakdown of how execution context determines whether your payload fails or fires — using hands-on PortSwigger labs.

#xss #BugBounty #ethicalhacking #CyberSecurityAwareness

I just published Context Is Everything: A Practical Guide to XSS medium.com/p/context-is...

Offensive Sequence

@offseq.bsky.social

1 week ago

CVE-2026-3412: Cross Site Scripting in itsourcecode University Management System CVE-2026-3412 is a cross-site scripting (XSS) vulnerability identified in the itsourcecode University Management System version 1.0. The flaw resides in the /att_single_view.php script, specifically in the handling of the 'dt' parameter. Th

itsourcecode University Management System v1.0 hit by MEDIUM XSS (CVE-2026-3412). Public exploit out — patch or sanitize input to prevent session hijack & info theft. Details: radar.offseq.com/threat/cve-2026-3412-cro... #OffSeq #XSS #EdTech

@muhammaduzairkhan.bsky.social

1 week ago

My First XSS Vulnerability. The Day I Started My Bug Bounty Journey Introduction:

Just got my first XSS vulnerability accepted on OpenBugBounty! 🎉

Found a Stored XSS and reported it responsibly.

Full write-up here: medium.com/@moohammaduz...

Starting my bug bounty journey! 🚀

#BugBounty #XSS #CyberSecurity #EthicalHacking #StoredXSS #CyberSecurityStudent

Offensive Sequence

@offseq.bsky.social

2 weeks ago

CVE-2026-3010: CWE-79 Improper Neutralization of Input During Web Page Generatio CVE-2026-3010 is a critical vulnerability classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), commonly known as Cross-site Scripting (XSS), affecting Microchip's TimePictra software versions 11.0 through 1

CRITICAL XSS in Microchip TimePictra (v11.0 – 11.3 SP2) lets remote attackers inject scripts. No patch yet — restrict web access, set WAF rules, and monitor activity. Details: radar.offseq.com/threat/cve-2026-3010-cwe... #OffSeq #XSS #ICS

2rZiKKbOU3nTafniR2qMMSE0gwZ

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

2 weeks ago

Stored XSS Flaw in RustFS Console Leaks Admin S3 Credentials A severe stored cross-site scripting (XSS) flaw in the RustFS Console lets attackers steal admin S3 credentials, enabling full account t...

#Cyber #Security #News #Cybersecurity #XSS #Cyber […]

[Original post on cyberpress.org]

KIP/JΛYCHØU ⁂ :neocat_cofe:

@admin.mstdn.feddit.social.ap.brid.gy

2 weeks ago

https://www.instagram.com/

停下！

这是浏览器为开发者提供的功能。如果有人告诉你复制粘贴某些内容到这里就能启用 Instagram 的某个功能，或者“黑”别人的账号，那一定是骗局，这样做会让你的 Instagram 账号被盗。

#instagram #xss #devtools

草野貴之 (Kusano Takayuki)

@tkusano.jp

2 weeks ago

リトにブックマークを登録しました

リトで参照する #XSS #security #rito.blue

草野貴之 (Kusano Takayuki)

@tkusano.jp

2 weeks ago

Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 – Mozilla Hacks - the Web developer blog Cross-site scripting (XSS) remains one of the most prevalent vulnerabilities on the web. The new standardized Sanitizer API provides a straightforward way for web developers to sanitize untrusted HTML before inserting it into the DOM. Firefox 148 is the f

XSS対策のためのHTML Sanitizer APIをFirefox 148が実装

リトで参照する #XSS #security #rito.blue

🌈 Lascapi ⁂

@lascapi.social.tchncs.de.ap.brid.gy

2 weeks ago

再见 InnerHTML，你好 SetHTML：Firefox 148 版强化跨站脚本攻击防护 Goodbye InnerHTML, Hello SetHTML: Stronger XSS Protection in Firefox 148 (hacks.mozilla.org) 02-24  ↑ 107 HN Points

Goodbye #innerHTML, Hello #setHTML: Stronger #XSS Protection in #Firefox 148
#web #security
hacks.mozilla.org/2026/02/goodbye-innerhtm...

Ahmandonk

@ahmandonk.bsky.social

2 weeks ago

📰 CISA: Celah Roundcube yang Baru Ditambal Kini Dieksploitasi dalam Serangan Aktif

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/02/24/kerentanan-ro...

#cisa #keamananSiber #remoteCodeExecution #roundcube #vulnerability #webmail #xss

kalvn

@kalvn.net

2 weeks ago

L'API Sanitizer arrive tout doucement dans Firefox, pour aider à se prémunir efficacement contre les attaques XSS.

🔗 hacks.mozilla.org/2026/02/goodbye-innerhtm...

#xss #firefox #web #release

Offensive Sequence

@offseq.bsky.social

2 weeks ago

CVE-2026-25802: CWE-79: Improper Neutralization of Input During Web Page Generat CVE-2026-25802 is a Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the QuantumNous new-api product, specifically versions before 0.10.8-alpha.9. The vulnerability arises from improper neutralization of input dur

High-severity XSS in QuantumNous new-api (<0.10.8-alpha.9) lets attackers run scripts via MarkdownRenderer. Patch to 0.10.8-alpha.9+ & harden your AI stack. radar.offseq.com/threat/cve-2026-25802-cw... #OffSeq #XSS #AIsecurity

Hackread.com

@hackread.bsky.social

2 weeks ago

Multiple Zero-Day Flaws in PDF Platforms Enable XSS and One-Click Attacks 16 zero-day security flaws found in Foxit and Apryse PDF platforms could lead to account takeover and RCE. Learn how AI identified these risks.

📢⚠️ Researchers uncover multiple zero-day PDF platform flaws enabling XSS and one-click attacks that can let hackers run malicious code simply by opening a file.

Read: hackread.com/zero-day-fla...

#CyberSecurity #ZeroDay #Vulnerability #PDF #Infosec #XSS

The Daily Tech Feed

@thedailytechfeed.com

3 weeks ago

Critical #Jenkins vulnerabilities (CVE-2026-27099 & CVE-2026-27100) expose build environments to XSS attacks. Update to versions 2.551 or LTS 2.541.2 immediately! #CyberSecurity #XSS Link: thedailytechfeed.com/critical-jen...

CyberTaters

@potato.software

3 weeks ago

React XSS tip: Never use dangerouslySetInnerHTML with untrusted input. Always sanitize with DOMPurify or similar libraries.

#potatosecurity #webdev #React #XSS

Offensive Sequence

@offseq.bsky.social

3 weeks ago

CVE-2026-25896: CWE-185: Incorrect Regular Expression in NaturalIntelligence fas The vulnerability CVE-2026-25896 affects the fast-xml-parser library, a popular JavaScript tool used for validating XML, parsing XML into JavaScript objects, and building XML from JavaScript objects without relying on C/C++ libraries or cal

fast-xml-parser (<5.3.5) CRITICAL flaw: attackers can override XML entities, causing XSS. Upgrade to 5.3.5+ now if your apps parse XML! radar.offseq.com/threat/cve-2026-25896-cw... #OffSeq #XSS #NodeSecurity

Duende Software

@duendesoftware.com

3 weeks ago

- YouTube Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

Cross-Site Scripting (XSS) is one of the most common web attacks! 💥

Learn the 3 types (Reflected, Stored, DOM-based), the main developer mistake, and how to defend your app with #ASPNETCore and proper HTML escaping.

youtu.be/Zqvw6XR9Lug #XSS #WebSecurity #dotnet