OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

July 29, 2024 at 10:50AM Recent research by Salt Labs, the research arm of Salt Security, revealed critical API security flaws in both Hotjar and Business Insider, exposing millions of users to potential account takeover. The flaws combine a cross-site scripting (XSS) vulnerability with weaknesses in each site's OAuth implementation (not in the OAuth standard itself), potentially enabling attackers to access sensitive data. The researchers warn that similar vulnerabilities … Read more

Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw

July 29, 2024 at 08:18AM Salt Labs, the research arm of API security firm Salt Security, has uncovered a cross-site scripting (XSS) attack affecting numerous websites, including major companies such as HotJar and Business Insider. The attack exploits flaws in how these sites implement OAuth, potentially leading to complete account takeover. Salt Labs released its findings and a free scanner to … Read more