xss
Safeguard articles tagged "xss" — guides, analysis, and best practices for software supply chain and application security.
32 articles
CVE-2019-8331: The Bootstrap XSS Vulnerability, Explained
CVE-2019-8331 let attackers inject script through Bootstrap's tooltip and popover template options, a pattern that recurred across several Bootstrap CVEs before 4.3.1 finally closed it.
What Is XSS? Cross-Site Scripting Full Form and Basics
XSS is short for cross-site scripting, a vulnerability that lets attackers run malicious scripts in a victim's browser. Here's how it works, its three main types, and how it's actually caught.
jQuery 3.5.1 Vulnerabilities: What Was Actually Fixed
jQuery 3.5.1 closed a second cross-site scripting hole in the htmlPrefilter regex that 3.5.0 had only partially patched — here's exactly what changed and why old jQuery bundles still trip scanners.
React Application Security Guide
Securing React applications from XSS, dependency vulnerabilities, and common frontend attack patterns.
Zimbra Collaboration CVE-2023-37580: XSS Zero-Day Exploited by Four Nation-State Groups
A reflected XSS vulnerability in Zimbra Collaboration was exploited by four distinct threat groups targeting government organizations worldwide. The campaign showed how even 'low severity' bugs enable espionage.
Cross-Site Scripting (XSS) Prevention: Context-Aware Encoding and Modern Defenses
XSS remains a top web vulnerability because output encoding is context-dependent. Here is how to get it right across HTML, JavaScript, URL, and CSS contexts.
Vue.js Security Best Practices
Securing Vue.js applications from template injection, XSS through v-html, and third-party plugin risks.
Angular Application Security Checklist
A practical security checklist for Angular applications covering XSS prevention, dependency management, and secure configuration.