A severe stored cross-site scripting (XSS) flaw in the RustFS Console lets attackers steal admin S3 credentials, enabling full account takeovers. Published three days ago via GHSA-v9fg-3cr2-277j by overtrue, this vulnerability affects versions before 1.0.0-alpha.82. RustFS, a Rust-based file system with S3 compatibility, hosts its management console and S3 API on the same origin, creating […] The post Stored XSS Flaw in RustFS Console Leaks Admin S3 Credentials appeared first on Cyber Security News.