Upserve : Reflected XSS on https://inventory.upserve.com/ (affects IE users only)

The REQUESTURI was assigned as the value of a hidden field in the login form without proper escaping resulting in a reflected cross-site scripting bug. Browsers were mitigating the issue and IE was only impacted if XSS protection was disabled. We've improved the sanitization of this field. The...

Dutch News site spread Malware on 100000 Computers

Dutch News site spread Malware on 100000 Computers Dutch popular news site NU.nl appears to be serving Java exploit drive-by malware to users of IE. Nu.nl has approximately one hour long served the Javascript code that attempted to provide visitors to the news site with a trojan to infect. The...