<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>cross-site scripting &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/cross-site-scripting/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Tue, 21 Nov 2023 03:48:50 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Email Security Flaw Found in the Wild</title>
		<link>https://noise.getoto.net/2023/11/21/email-security-flaw-found-in-the-wild/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 21 Nov 2023 12:05:07 +0000</pubDate>
				<category><![CDATA[cross-site scripting]]></category>
		<category><![CDATA[e-mail]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<category><![CDATA[zero day]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68121</guid>

					<description><![CDATA[<p>Google’s Threat Analysis Group <a href="https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/">announced</a> a <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-37580">zero-day</a> against the Zimbra Collaboration email server that has been used against governments around the world.</p>
<blockquote><p>TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on Github. To ensure protection against these types of exploits, TAG urges users and organizations to keep software fully up-to-date and apply security updates as soon as they become available.</p></blockquote>
<p>The vulnerability was discovered in June. It has been patched...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 26/57 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-10 11:09:59 by W3 Total Cache
-->