The way the Square API delivers JSON output makes it possible for an attacker to engage in a cross-site scripting (XSS) under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on hackerone.
Real-time network PubNub has solidified its move into the connected car market with a winning app designed for Ford. Announced at last week's Consumer Electronics Show (CES), the winning integration by PubNub took Ford's dashboard API and created a real-time dispatch app. ProgrammableWeb spoke with both PubNub and Ford about how developers are partnering with car manufacturers to build out the connected car ecosystem.