Threats Tagged 'xss'
View all threats tagged with 'xss'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'xss'
Click on any threat for detailed analysis and mitigation recommendations
Microsoft patches Exchange Server zero-day exploited in attacks 0 Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. [...] Join the discussion | Bleeping Computer | 06/10/2026, 13:44:19 UTC Added: 06/10/2026, 13:49:44 UTC |
Exploit-DB RSS Feed | 04/29/2026, 00:00:00 UTC Added: 04/29/2026, 11:52:29 UTC | |
HAX CMS 24.x - Stored Cross-Site Scripting (XSS) 0 HAX CMS 24.x - Stored Cross-Site Scripting (XSS) Join the discussion | Exploit-DB RSS Feed | 04/29/2026, 00:00:00 UTC Added: 04/29/2026, 11:52:29 UTC |
Exploit-DB RSS Feed | 04/09/2026, 00:00:00 UTC Added: 04/10/2026, 00:22:26 UTC | |
Operation Roundish: Uncovering an APT28 Roundcube Exploitation Toolkit Targeting Ukraine 0 An exposed open directory revealed a comprehensive Roundcube exploitation toolkit used by APT28 to target Ukrainian government entities. The toolkit includes XSS payloads, a Flask-based C2 server, CSS injection tools, and a Go-based implant. It enables credential harvesting, persistent mail forwarding, bulk email exfiltration, address book theft, and 2FA secret extraction. The primary target was identified as mail.dmsu.gov.ua, Ukraine's State Migration Service. Technical analysis shows significant overlaps with previously documented APT28 operations, while introducing new capabilities such as CSS-based side-channel attacks and browser credential theft. The toolkit's modular approach and sophisticated evasion techniques demonstrate APT28's evolving tactics in compromising webmail platforms for long-term intelligence gathering. Join the discussion | AlienVault OTX General | 03/18/2026, 10:51:37 UTC Added: 03/18/2026, 11:12:34 UTC |
Recent RoundCube Webmail Vulnerability Exploited in Attacks 0 Patched in December 2025, the exploited flaw leads to XSS attacks via the animate tags in SVG documents. The post Recent RoundCube Webmail Vulnerability Exploited in Attacks appeared first on SecurityWeek . Join the discussion | SecurityWeek | 02/23/2026, 10:47:45 UTC Added: 02/23/2026, 11:01:20 UTC |
RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS) 0 RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS) Join the discussion | Exploit-DB RSS Feed | 02/02/2026, 00:00:00 UTC Added: 02/03/2026, 08:47:40 UTC |
Piranha CMS 12.0 - Stored XSS in Text Block 0 Piranha CMS 12.0 - Stored XSS in Text Block Join the discussion | Exploit-DB RSS Feed | 02/02/2026, 00:00:00 UTC Added: 02/03/2026, 08:47:40 UTC |
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities 0 XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25. The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared first on SecurityWeek . Join the discussion | SecurityWeek | 12/12/2025, 12:00:01 UTC Added: 12/12/2025, 12:05:36 UTC |
Ivanti EPM Update Patches Critical Remote Code Execution Flaw 0 The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek . Join the discussion | SecurityWeek | 12/10/2025, 11:53:55 UTC Added: 12/10/2025, 12:08:26 UTC |
Showing 1 to 10 of 39 results