Previous
Cross-Site Scripting: Are Your Web Applications Vulnerable?
White Papers Although the security community has discussed the dangers of cross-site scripting attacks for years, the true dangers of these vulnerabilities have often been overlooked. The purpose of this paper is to educate both application developers and end...
[February 20, 2005, 23:00]
TechNet Webcast: How Microsoft Online Services Defends Against Cross-Site Scripting Vulnerabilities (Level 200)
White Papers Cross-Site Scripting (XSS) vulnerabilities are a serious threat to providing Microsoft Online Services customers with a trustworthy computing experience. The attendee will learn how the Microsoft Anti-Cross Site Library provides product teams with...
[April 30, 2008, 0:00]
A Web Developer's Guide To Cross-Site Scripting
White Papers Cross-site scripting attacks are those in which attackers inject malicious code, usually client-side scripts, into web applications from outside sources. This paper describes how cross-site scripting works and what makes an application vulnerable...
[February 21, 2005, 23:00]
The Anatomy Of Cross Site Scripting
White Papers Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated.
[February 21, 2005, 23:00]
Google Develops Web App Security Tool
News Google is in the process of developing a security tool to automatically find cross-site scripting holes in its web applications. According to Google security team member Srinath Anantharaju, Lemon has been developed to detect cross-site scripting...
[July 19, 2007, 12:46]
Google Plugs Gmail Security Hole
News Three days after ethical hacker Petko Petkov announced his discovery of a cross-site scripting vulnerability in Gmail, Google says it has fixed the problem. Pure Hacking's Gatford said cross-site scripting vulnerabilities are gaining popularity...
[September 28, 2007, 12:23]
Google Closes Security Hole
News The flaw, known as a cross-site scripting vulnerability, existed on the Web site for Google's AdWords advertising program and a customer training site, according to security company Finjan Software, which discovered the problem.
[October 11, 2005, 10:00]
Phishing Hole 'left Open' By Banks
News Online criminals are increasingly using cross-site scripting flaws to inject their own code into legitimate Web page URLs, the network security services company said in a note posted on its site Monday.
[March 15, 2005, 7:55]
Mixed-Mode Site Consolidation In Microsoft Exchange Server 2003 Service Pack 1
White Papers This webcast session introduces the new mixed-mode cross-site move mailbox functionality that is introduced in Microsoft Exchange Server 2003 Service Pack 1 (SP1). Site consolidation includes cross-site mailbox moves and some other cleanup steps.
[September 10, 2004, 0:00]
Google Fixes Security Hole
News The flaw, known as a cross-site scripting vulnerability, existed because Google did not properly secure its mechanism for two error pages, according to Web security company Watchfire, which discovered the problem.
[December 22, 2005, 8:50]
Crossing The Line: Ethics For The Security Professional
White Papers This paper describes how cross-site scripting works and what makes an application vulnerable, along with suggestions for developers about tools for discovering cross-site scripting vulnerabilities in their applications and recommended practices...
[February 21, 2005, 23:00]
Firefox Vulnerable To Password Manager Flaw
News Dubbed a Reverse Cross Site Request vulnerability (RCSR) by its discoverer Robert Chapin, the flaw allows hackers to compromise users' passwords and usernames by presenting them with a fake login form.
[November 22, 2006, 13:26]
Is Your Web Site Vulnerable?
Blog Allegedly, 60% of Web application tests performed for UK organisations showed that their Web sites contained weak encryption or cross-site scripting (XSS) vulnerabilities. Some applications are vulnerable to cross-site scripting attacks, which...
[April 10, 2008, 12:03]
Microsoft Stomps On New IE Bugs
News The software company called three of the flaws critical, but only one of them -- a cross-site scripting error that affects only Internet Explorer 6.0 -- would allow an attacker or a worm to run a program on the victim's computer.
[May 16, 2002, 8:41]
Firefox 3 Final Beta To Be Released In March
News The final Firefox 3 beta release will address issues including memory usage and cross-site XML HTTP requests. A major security concern for browser developers is browser susceptibility to cross-site scripting attacks (XSS), where code that can...
[February 26, 2008, 14:20]
Google Desktop Flaws Get Patches
News One of the problems is a cross-site scripting flaw that could let an outsider look through files on a compromised machine. Hackers could use cross-site scripting to manipulate Google Desktop's functionality for their own ends, said Danny Allan...
[February 22, 2007, 8:44]
Bug Leaves Windows Open To Java Attack
News The three warnings, all issued on Wednesday, involve the Microsoft Virtual Machine for running Java applets on Windows; a cross-site scripting bug in a component of Windows 2000 and Windows NT 4.0; and a denial-of-service bug affecting Proxy...
[April 10, 2003, 11:30]
IE 5.5 Exploit Evades Security Feature
News It is very significant because cross site scripting was touted as a new security feature," says Greg Jones, senior security engineer with consultancy firm Information Risk Management. The "IE 5.5 Cross Frame security vulnerability" uses JavaScript...
[September 7, 2000, 15:26]
British Charities Missing The Online Buck
News The British Red Cross, in charge of the international rescue operation , currently has no facilities for donations over its Web site, even though it has been inundated with telephone donations. A spokesman for the Red Cross said this was due to a...
[August 20, 1999, 11:30]
IE Has Another Megapatch
News The first of the new threats is "Cross-site Scripting in Local HTML Resource" (CAN-2002-0189). Cross-Site Scripting in Local HTML Resource is critical for IE 6.0 clients and moderate for servers. GreyMagic contradicted Microsoft's statement that...
[May 28, 2002, 10:15]
