AI Chrome Extensions SiderAI and MaxAI Expose 10M Users
Spyder and MaXSS vulnerabilities in popular AI browser extensions allow full session hijacking. Exploitation requires only visiting a malicious webpage.
7 articles tagged with "Xss"
Spyder and MaXSS vulnerabilities in popular AI browser extensions allow full session hijacking. Exploitation requires only visiting a malicious webpage.
Microsoft releases CVE-2026-42897 fix for Exchange Server OWA XSS vulnerability exploited since May. ESU-only updates for 2016/2019 leave many systems exposed.
Microsoft Exchange Server zero-day CVE-2026-42897 enables session hijacking via malicious emails. Active exploitation confirmed with no permanent fix available.
Microsoft confirms active exploitation of CVE-2026-42897, an XSS flaw in Exchange OWA that executes JavaScript via malicious emails. No patch available yet.
CVE-2026-20111 enables stored cross-site scripting attacks against administrators of Cisco Prime Infrastructure network management systems.
CyberArk exploited a vulnerability in the StealC infostealer's control panel to identify threat actors, steal session cookies, and track an operator who compromised 5,000 victims.
CVE-2026-22610 lets attackers inject JavaScript through SVG script attributes that Angular's sanitizer fails to recognize. Patches available for versions 19-21.