Previous
TechNet Webcast: How Microsoft Online Services Defends Against Cross-Site Scripting Vulnerabilities (Level 300)
White Papers Cross-Site Scripting (XSS) vulnerabilities are a serious threat to providing Microsoft Online Services customers with a trustworthy computing experience. The attendee will learn how the Microsoft Anti-Cross Site Library provides product teams with...
[June 26, 2008, 1:01]
Novell webmail product suffers cross-site flaws
News Two cross-site vulnerabilities exist in Novell's GroupWise WebAccess webmail application, a London-based penetration-testing company has claimed. ProCheckUp published an advisory about one of the flaws, a cross-site request forgery vulnerability in...
[January 30, 2009, 12:22]
The Anatomy of Cross Site Scripting
White Papers Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal. While this is adequate for prevention, the exact impact of cross site scripting attacks has not been fully appreciated.
[February 21, 2005, 23:00]
MoD site carried cross-site scripting flaw
News The cross-site scripting flaw could have allowed malicious code injection on the site, and could have led to visitors being redirected to a malicious site. Team Elite member Maciej Bukowski, who uses the handle [-TE-]-Neo, posted details of the MoD...
[August 11, 2009, 15:33]
Microsoft Windows 2000 Patch: Indexing Service Cross Site Scripting
Downloads This update resolves the "Indexing Services Cross Site Scripting" vulnerability in Indexing Services for Windows 2000 and is discussed in Microsoft Security Bulletin MS00-084. Indexing Services does not properly validate all search inputs before...
[November 5, 2000, 6:00]
Protect your Web site from cross-site scripting attacks
White Papers Cross-site scripting (XSS) attacks, a method by which attackers embed HTML scripts either in Web postings (stored XSS) or input fields on a Web site (reflected XSS), are gaining popularity, most likely due to the relative ease with which they can...
[May 18, 2006, 1:00]
Google develops web app security tool
News Google is in the process of developing a security tool to automatically find cross-site scripting holes in its web applications. According to Google security team member Srinath Anantharaju, Lemon has been developed to detect cross-site scripting...
[July 19, 2007, 12:46]
Google closes security hole
News The flaw, known as a cross-site scripting vulnerability, existed on the Web site for Google's AdWords advertising program and a customer training site, according to security company Finjan Software, which discovered the problem.
[October 11, 2005, 10:00]
Google plugs Gmail security hole
News Three days after ethical hacker Petko Petkov announced his discovery of a cross-site scripting vulnerability in Gmail, Google says it has fixed the problem. Pure Hacking's Gatford said cross-site scripting vulnerabilities are gaining popularity...
[September 28, 2007, 12:23]
Phishing hole 'left open' by banks
News Online criminals are increasingly using cross-site scripting flaws to inject their own code into legitimate Web page URLs, the network security services company said in a note posted on its site Monday.
[March 15, 2005, 7:55]
Google fixes security hole
News The flaw, known as a cross-site scripting vulnerability, existed because Google did not properly secure its mechanism for two error pages, according to Web security company Watchfire, which discovered the problem.
[December 22, 2005, 8:50]
Firefox vulnerable to Password Manager flaw
News Dubbed a Reverse Cross Site Request vulnerability (RCSR) by its discoverer Robert Chapin, the flaw allows hackers to compromise users' passwords and usernames by presenting them with a fake login form.
[November 22, 2006, 13:26]
Is Your Web Site Vulnerable?
Blog Allegedly, 60% of Web application tests performed for UK organisations showed that their Web sites contained weak encryption or cross-site scripting (XSS) vulnerabilities. Some applications are vulnerable to cross-site scripting attacks, which...
[April 10, 2008, 12:03]
Blue Cross and Blue Shield of Minnesota Improves Timeliness of Web Content and Reduces IT Complexity
White Papers Blue Cross and Blue Shield implemented Oracle Universal Content Management to improve the quality of Web and intranet content, and simplify the process for making site updates as well as enabled business managers to update Web content without...
[October 11, 2008, 1:01]
Apple stamps out 46 iPhone bugs
News The 46 flaws could allow an attacker to bypass security restrictions, shut down an application, disclose sensitive information, conduct cross-site scripting and cross-site request forgery attacks, or take over the device, Apple said in an advisory.
[June 18, 2009, 15:05]
Netcraft warns of phishing flaw on Yahoo HotJobs
News Clicking on a link that includes specially formatted JavaScript code can cause the website to run a program because of a cross-site scripting vulnerability, Netcraft said. The team was made aware of this particular cross-site scripting issue...
[October 28, 2008, 7:23]
Microsoft stomps on new IE bugs
News The software company called three of the flaws critical, but only one of them -- a cross-site scripting error that affects only Internet Explorer 6.0 -- would allow an attacker or a worm to run a program on the victim's computer.
[May 16, 2002, 8:41]
Firefox 3 final beta to be released in March
News The final Firefox 3 beta release will address issues including memory usage and cross-site XML HTTP requests. A major security concern for browser developers is browser susceptibility to cross-site scripting attacks (XSS), where code that can...
[February 26, 2008, 14:20]
Google Desktop flaws get patches
News One of the problems is a cross-site scripting flaw that could let an outsider look through files on a compromised machine. Hackers could use cross-site scripting to manipulate Google Desktop's functionality for their own ends, said Danny Allan...
[February 22, 2007, 8:44]
Bug leaves Windows open to Java attack
News The three warnings, all issued on Wednesday, involve the Microsoft Virtual Machine for running Java applets on Windows; a cross-site scripting bug in a component of Windows 2000 and Windows NT 4.0; and a denial-of-service bug affecting Proxy...
[April 10, 2003, 11:30]
