A stored cross-site scripting (XSS) vulnerability found in a popular comments widget exposed a large number of websites to attacks. The security hole was quickly patched by the product’s developers. A 14-year-old security enthusiast named Ibram Marzouk recently discovered a stored XSS flaw in the comments section of code snippet marketplace PasteCoin.
View full story
ORIGINAL SOURCE: Security Week