Tag

Cross-Site Scripting

Learn about cross-site scripting vulnerabilities, how attackers inject malicious scripts into web pages, and the impact on users and organizations. These posts explain reflected, stored, and DOM-based XSS variants along with effective prevention techniques for developers and security teams.

Cross-Site Scripting Explained: What Attackers See

A Single Input Field Took Down British Airways

In 2018, British Airways disclosed a breach that compromised the personal and financial data of approximately 380,000 customers. The attack vector? A modified script injected into their website's payment page. The UK's Information Commissioner's Office

Carl B. Johnson Jun 08, 2026 5 min read

Cross-Site Scripting Explained: A Practical Guide

In September 2024, a security researcher discovered a stored cross-site scripting vulnerability in a major email platform that allowed attackers to execute arbitrary JavaScript the moment a victim opened a crafted message. No clicks required beyond reading the email. The vulnerability sat unpatched for weeks. If you think XSS is

Carl B. Johnson Dec 10, 2024 8 min read

Cross-Site Scripting Explained: A Practical Guide

British Airways Lost $230 Million Because of a Script

In 2018, British Airways disclosed a breach that exposed the payment card details of roughly 380,000 customers. The attack vector? A malicious script injected into the airline's payment page — a textbook cross-site scripting exploitation. The UK's

Carl B. Johnson Jan 09, 2023 8 min read

Cross-Site Scripting Explained: A Real-World Guide

The Attack That Hides in Plain Sight on Your Website

In 2018, British Airways disclosed a breach that compromised the personal and financial data of roughly 380,000 customers. The attack vector? A modified JavaScript injected into the airline's payment page — a textbook cross-site scripting attack that skimmed

Carl B. Johnson Mar 04, 2020 7 min read

Cross-Site Scripting Explained: What XSS Really Does

In 2018, British Airways disclosed a breach that exposed the personal and financial data of roughly 380,000 customers. The attack vector? A modified JavaScript injected into the airline's payment page — a textbook cross-site scripting exploit. The UK's Information Commissioner's Office initially proposed a

Carl B. Johnson Jul 14, 2019 7 min read