A critical vulnerability in HTTP/2 protocol implementations that allows attackers to bypass web security protections and execute arbitrary cross-site scripting (XSS) attacks against major websites. At the Network and Distributed System Security (NDSS) Symposium 2025, Tsinghua University researchers presented their findings, which identify two new attack vectors dubbed “CrossPUSH” and “CrossSXG” that exploit fundamental weaknesses […]
The post New Attack Bypasses HTTP/2 Security for Arbitrary Cross-Site Scripting appeared first on Cyber Security News.
This article has been indexed from Cyber Security News