4 articles tagged with "Xss"
Microsoft confirms active exploitation of CVE-2026-42897, an XSS flaw in Exchange OWA that executes JavaScript via malicious emails. No patch available yet.
CVE-2026-20111 enables stored cross-site scripting attacks against administrators of Cisco Prime Infrastructure network management systems.
CyberArk exploited a vulnerability in the StealC infostealer's control panel to identify threat actors, steal session cookies, and track an operator who compromised 5,000 victims.
CVE-2026-22610 lets attackers inject JavaScript through SVG script attributes that Angular's sanitizer fails to recognize. Patches available for versions 19-21.