Previous
MoD site carried cross-site scripting flaw
News The cross-site scripting flaw could have allowed malicious code injection on the site, and could have led to visitors being redirected to a malicious site. Team Elite member Maciej Bukowski, who uses the handle [-TE-]-Neo, posted details of the MoD...
[August 11, 2009, 15:33]
TechNet Webcast: How Microsoft Online Services Defends Against Cross-Site Scripting Vulnerabilities (Level 300)
White Papers Cross-Site Scripting (XSS) vulnerabilities are a serious threat to providing Microsoft Online Services customers with a trustworthy computing experience. The attendee will learn how the Microsoft Anti-Cross Site Library provides product teams with...
[June 26, 2008, 1:01]
Protect your Web site from cross-site scripting attacks
White Papers Cross-site scripting (XSS) attacks, a method by which attackers embed HTML scripts either in Web postings (stored XSS) or input fields on a Web site (reflected XSS), are gaining popularity, most likely due to the relative ease with which they can...
[May 18, 2006, 1:00]
The Anatomy of Cross Site Scripting
White Papers Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated.
[February 21, 2005, 23:00]
Microsoft Windows 2000 Patch: Indexing Service Cross Site Scripting
Downloads This update resolves the "Indexing Services Cross Site Scripting" vulnerability in Indexing Services for Windows 2000 and is discussed in Microsoft Security Bulletin MS00-084. Indexing Services does not properly validate all search inputs before...
[November 5, 2000, 6:00]
Google plugs Gmail security hole
News Three days after ethical hacker Petko Petkov announced his discovery of a cross-site scripting vulnerability in Gmail, Google says it has fixed the problem. Pure Hacking's Gatford said cross-site scripting vulnerabilities are gaining popularity...
[September 28, 2007, 12:23]
Google develops web app security tool
News Google is in the process of developing a security tool to automatically find cross-site scripting holes in its web applications. According to Google security team member Srinath Anantharaju, Lemon has been developed to detect cross-site scripting...
[July 19, 2007, 12:46]
Google closes security hole
News The flaw, known as a cross-site scripting vulnerability, existed on the Web site for Google's AdWords advertising program and a customer training site, according to security company Finjan Software, which discovered the problem.
[October 11, 2005, 10:00]
Google fixes security hole
News The flaw, known as a cross-site scripting vulnerability, existed because Google did not properly secure its mechanism for two error pages, according to Web security company Watchfire, which discovered the problem.
[December 22, 2005, 8:50]
Microsoft Internet Explorer 5.5 SP1 Cumulative Patch
Downloads In addition, it eliminates the following six newly discovered vulnerabilities: A cross-site scripting vulnerability in a Local HTML Resource. One of these files contains a cross-site scripting vulnerability that could allow a script to execute as...
[May 16, 2002, 8:00]
Is Your Web Site Vulnerable?
Blog Allegedly, 60% of Web application tests performed for UK organisations showed that their Web sites contained weak encryption or cross-site scripting (XSS) vulnerabilities. Some applications are vulnerable to cross-site scripting attacks, which...
[April 10, 2008, 12:03]
Apple stamps out 46 iPhone bugs
News The 46 flaws could allow an attacker to bypass security restrictions, shut down an application, disclose sensitive information, conduct cross-site scripting and cross-site request forgery attacks, or take over the device, Apple said in an advisory.
[June 18, 2009, 15:05]
Microsoft stomps on new IE bugs
News The software company called three of the flaws critical, but only one of them -- a cross-site scripting error that affects only Internet Explorer 6.0 -- would allow an attacker or a worm to run a program on the victim's computer.
[May 16, 2002, 8:41]
Google Desktop flaws get patches
News One of the problems is a cross-site scripting flaw that could let an outsider look through files on a compromised machine. Hackers could use cross-site scripting to manipulate Google Desktop's functionality for their own ends, said Danny Allan...
[February 22, 2007, 8:44]
Bug leaves Windows open to Java attack
News The three warnings, all issued on Wednesday, involve the Microsoft Virtual Machine for running Java applets on Windows; a cross-site scripting bug in a component of Windows 2000 and Windows NT 4.0; and a denial-of-service bug affecting Proxy...
[April 10, 2003, 11:30]
IE 5.5 exploit evades security feature
News It is very significant because cross site scripting was touted as a new security feature," says Greg Jones, senior security engineer with consultancy firm Information Risk Management. The "IE 5.5 Cross Frame security vulnerability" uses JavaScript...
[September 7, 2000, 15:26]
Firefox 3 final beta to be released in March
News A major security concern for browser developers is browser susceptibility to cross-site scripting attacks (XSS), where code that can exploit browser vulnerabilities is injected into web pages. People are building complicated [web-facing] mashups...
[February 26, 2008, 14:20]
Netcraft warns of phishing flaw on Yahoo HotJobs
News Clicking on a link that includes specially formatted JavaScript code can cause the website to run a program because of a cross-site scripting vulnerability, Netcraft said. The team was made aware of this particular cross-site scripting issue...
[October 28, 2008, 7:23]
IE has another megapatch
News The first of the new threats is "Cross-site Scripting in Local HTML Resource" (CAN-2002-0189). Cross-Site Scripting in Local HTML Resource is critical for IE 6.0 clients and moderate for servers. GreyMagic contradicted Microsoft's statement that...
[May 28, 2002, 10:15]
McAfee websites found to contain security holes
News The McAfee sites were found to be vulnerable to cross-site scripting attacks and cross-site request forgery attacks that could lead to phishing attacks on customers who think they are visiting the security vendor's site, according to an article on...
[May 6, 2009, 12:56]
