Previous
The dangers of scripting flaws in IE
News Another threat is a cross-site scripting vulnerability. Microsoft has not yet released patches for these vulnerabilities, which mostly involve the way scripting is handled, but exploits are currently available on the Internet for hackers to use.
[December 15, 2003, 17:00]
Worms will breed in PHP hole, say experts
News With a survey estimating that a million Web sites are vulnerable to a set of newly discovered scripting flaws, security experts are predicting that a worm that uses the software bugs to spread could be on the way.
[March 5, 2002, 8:36]
Researcher kicks off 'Month of PHP Bugs'
News A security researcher has kicked off a project to put the spotlight on flaws in the widely used PHP scripting language. PHP, which originally stood for Personal Home Page, is a popular scripting language used to create dynamic web pages.
[March 5, 2007, 8:31]
Phishing hole 'left open' by banks
News Online criminals are increasingly using cross-site scripting flaws to inject their own code into legitimate Web page URLs, the network security services company said in a note posted on its site Monday.
[March 15, 2005, 7:55]
Yahoo site security issue addressed
News Cross-site scripting flaws are found regularly, including recently in Google's Web site and earlier this year in Microsoft's Xbox 360 site. The cross-site scripting vulnerability existed because Yahoo's Web site did not detect certain script tags...
[October 24, 2005, 10:10]
Yahoo mail flaws fixed
News The vulnerabilities are of a type known as cross-site scripting flaws, which typically take advantage of scripting languages and misconfigured Web servers to launch attacks against a user's computer. Yahoo fixed two flaws in its free mail system...
[August 20, 2004, 9:05]
Internet Explorer 6 scripting flaw discovered
News One of the flaws is a cross-site scripting vulnerability, allowing scripts from one security domain (such as the Internet) to execute with the security privileges of another domain (such as My Computer).
[November 28, 2003, 16:30]
Microsoft stomps on new IE bugs
News The software company called three of the flaws critical, but only one of them -- a cross-site scripting error that affects only Internet Explorer 6.0 -- would allow an attacker or a worm to run a program on the victim's computer.
[May 16, 2002, 8:41]
Hotmail threatened by MSN flaw
News Cross-site scripting flaws are errors in Web site design, not in Web browsers, and were discovered more than five years ago. The MSN Web site, http://ilovemessenger.msn.com/, contained a so-called cross-site scripting flaw, a Microsoft...
[June 7, 2005, 10:25]
Web ripe for massive worm attack
News One of the IIS flaws affects servers with activated HTR scripting -- an obsolete technology that has been replaced by Active Server Pages. Netcraft noted that around half of the IIS sites on the Internet have HTR scripting enabled, meaning they are...
[July 1, 2002, 12:21]
Apple stamps out 46 iPhone bugs
News The 46 flaws could allow an attacker to bypass security restrictions, shut down an application, disclose sensitive information, conduct cross-site scripting and cross-site request forgery attacks, or take over the device, Apple said in an advisory.
[June 18, 2009, 15:05]
Google fixes security hole
News Cross-site scripting flaws are found regularly. The flaw, known as a cross-site scripting vulnerability, existed because Google did not properly secure its mechanism for two error pages, according to Web security company Watchfire, which discovered...
[December 22, 2005, 8:50]
Apple patches two critical Safari bugs
News Apple has released an update for its Safari 4 web browser, which fixes two serious vulnerabilities that could allow an attacker to conduct a cross-site scripting attack or take over a user's system. This vulnerability could allow a website to...
[July 9, 2009, 15:08]
More flaws threaten Windows
News Another release detailed two flaws in the way Microsoft SQL Server handles the XML data exchange format, and a third release warned that Web servers with HTR scripting turned on are also in danger. HTR is an older, obsolete type of scripting now...
[June 13, 2002, 14:15]
Scripting flaw leaves sites vulnerable
News A flaw in the common open-source scripting language PHP could allow attackers to crash or compromise a hefty fraction of the nine million servers running the open-source Web software Apache, as well as other Web servers.
[February 28, 2002, 9:48]
JavaScript attack maps secure networks
News Site operators should fix cross-site scripting flaws and validate any user-submitted JavaScript. The scripting programming language is used on Web sites and is increasingly popular in recent years thanks to a programming technique known as AJAX...
[July 31, 2006, 9:00]
'Critical' Microsoft fix breaks some Net connections
News Problems occur only with dial-up connections that use a terminal window, or dial-up scripting, Microsoft said. Meanwhile, the company recommends that people who need to use dial-up scripting or terminal window features do not install the security...
[June 21, 2006, 10:05]
Berners-Lee: Web security a 'never-ending battle'
News Cross-site scripting attacks exploit JavaScript flaws to inject malicious code into a web page during a user's browser session. Technical means should be employed to mitigate current Web 2.0 threats, such as cross-site scripting attacks, he said...
[September 21, 2007, 14:37]
JavaScript bug-hunting tool revealed
News Jikto itself, for example, can be placed on a trusted site by exploiting a common web security hole known as a cross-site scripting flaw, he said. The whole point was to show how scary cross-site scripting has become," Hoffman said.
[March 26, 2007, 9:38]
Novell webmail product suffers cross-site flaws
News The second flaw, discovered by ProCheckUp security researcher Jan Fry, is a persistent cross-site scripting vulnerability in Novell GroupWise WebAccess. In cross-site scripting, what [an attacker] is trying to do is to steal the session," said Fry.
[January 30, 2009, 12:22]
