Cross-Site Scripting: Are Your Web Applications Vulnerable?
White Papers: Although the security community has discussed the dangers of cross-site scripting attacks for years, the true dangers of these vulnerabilities have often been overlooked. The purpose of this paper is to educate both application developers and end...
[February 20, 2005, 23:00]
The Anatomy Of Cross Site Scripting
White Papers: Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated.
[February 21, 2005, 23:00]
A Web Developer's Guide To Cross-Site Scripting
White Papers: Cross-site scripting attacks are those in which attackers inject malicious code, usually client-side scripts, into web applications from outside sources. This paper describes how cross-site scripting works and what makes an application vulnerable...
[February 21, 2005, 23:00]
TechNet Webcast: How Microsoft Online Services Defends Against Cross-Site Scripting Vulnerabilities (Level 200)
White Papers: Cross-Site Scripting (XSS) vulnerabilities are a serious threat to providing Microsoft Online Services customers with a trustworthy computing experience. The attendee will learn how the Microsoft Anti-Cross Site Library provides product teams with...
[April 30, 2008, 0:00]
Google Develops Web App Security Tool
News: Google is in the process of developing a security tool to automatically find cross-site scripting holes in its web applications. According to Google security team member Srinath Anantharaju, Lemon has been developed to detect cross-site scripting...
[July 19, 2007, 12:46]
Google Plugs Gmail Security Hole
News: Three days after ethical hacker Petko Petkov announced his discovery of a cross-site scripting vulnerability in Gmail, Google says it has fixed the problem. Pure Hacking's Gatford said cross-site scripting vulnerabilities are gaining popularity...
[September 28, 2007, 12:23]
Google Closes Security Hole
News: The flaw, known as a cross-site scripting vulnerability, existed on the Web site for Google's AdWords advertising program and a customer training site, according to security company Finjan Software, which discovered the problem.
[October 11, 2005, 10:00]
Crossing The Line: Ethics For The Security Professional
White Papers: This paper describes how cross-site scripting works and what makes an application vulnerable, along with suggestions for developers about tools for discovering cross-site scripting vulnerabilities in their applications and recommended practices...
[February 21, 2005, 23:00]
Google Fixes Security Hole
News: The flaw, known as a cross-site scripting vulnerability, existed because Google did not properly secure its mechanism for two error pages, according to Web security company Watchfire, which discovered the problem.
[December 22, 2005, 8:50]
Is Your Web Site Vulnerable?
Blog: Allegedly, 60% of Web application tests performed for UK organisations showed that their Web sites contained weak encryption or cross-site scripting (XSS) vulnerabilities. Some applications are vulnerable to cross-site scripting attacks, which...
[April 10, 2008, 12:03]
Microsoft Stomps On New IE Bugs
News: The software company called three of the flaws critical, but only one of them -- a cross-site scripting error that affects only Internet Explorer 6.0 -- would allow an attacker or a worm to run a program on the victim's computer.
[May 16, 2002, 8:41]
Google Desktop Flaws Get Patches
News: One of the problems is a cross-site scripting flaw that could let an outsider look through files on a compromised machine. Hackers could use cross-site scripting to manipulate Google Desktop's functionality for their own ends, said Danny Allan...
[February 22, 2007, 8:44]
Bug Leaves Windows Open To Java Attack
News: The three warnings, all issued on Wednesday, involve the Microsoft Virtual Machine for running Java applets on Windows; a cross-site scripting bug in a component of Windows 2000 and Windows NT 4.0; and a denial-of-service bug affecting Proxy...
[April 10, 2003, 11:30]
IE 5.5 Exploit Evades Security Feature
News: It is very significant because cross site scripting was touted as a new security feature," says Greg Jones, senior security engineer with consultancy firm Information Risk Management. The "IE 5.5 Cross Frame security vulnerability" uses JavaScript...
[September 7, 2000, 15:26]
Firefox 3 Final Beta To Be Released In March
News: A major security concern for browser developers is browser susceptibility to cross-site scripting attacks (XSS), where code that can exploit browser vulnerabilities is injected into web pages. People are building complicated [web-facing] mashups...
[February 26, 2008, 14:20]
IE Has Another Megapatch
News: The first of the new threats is "Cross-site Scripting in Local HTML Resource" (CAN-2002-0189). Cross-Site Scripting in Local HTML Resource is critical for IE 6.0 clients and moderate for servers. GreyMagic contradicted Microsoft's statement that...
[May 28, 2002, 10:15]
Gmail Cookie Vulnerability Exposes User's Privacy
News: According to Gatford, attackers could compromise a Gmail account — using a cross-site scripting [XSS] vulnerability — if the victim is logged in and clicks on a malicious link. The power of cross-site scripting
[September 27, 2007, 8:12]
Massive IE Phishing Exploit Discovered
News: The vulnerability is caused by a cross-site scripting vulnerability in the DHTML Edit ActiveX control, but because the flaw is within the browser, it can be used against any Web site, Secunia said. People still don't realise the significant impact...
[December 17, 2004, 12:10]
Acrobat Flaw Opens Door To Attack
News: This vulnerability makes it possible for cross-site-scripting (XSS) attacks to occur, to steal cookies, session information, or possibly create a XSS worm," he said. Such attacks in the past relied on flaws in websites, but with the Adobe Reader...
[January 4, 2007, 7:29]
JavaScript Bug-hunting Tool Revealed
News: Jikto itself, for example, can be placed on a trusted site by exploiting a common web security hole known as a cross-site scripting flaw, he said. The whole point was to show how scary cross-site scripting has become," Hoffman said.
[March 26, 2007, 9:38]

