XSS Injection
White Papers The main idea and theory behind XSS Injection is getting a crafted malicious script to run on a victim's computer, by exploiting a vulnerability in the way a server-side script parses and displays input data.
[February 14, 2009, 0:24]
Google patches XSS security flaw
News Google has patched a cross-site scripting (XSS) vulnerability in one of its web-hosting services. If left unpatched, the vulnerability could have allowed hackers to modify third-party Google documents and spreadsheets, and view mail subjects and...
[January 16, 2007, 14:32]
Browser flaws biggest software security risk
News The most common software flaws are now cross-site scripting (XSS) vulnerabilities, according to US Government organisation Mitre. XSS flaws have accounted for 21.5 percent of the vulnerabilities found in 2006 so far according to Mitre statistics.
[September 15, 2006, 18:00]
Security flaw threatens Cisco Web site
News Securiteam.com, an online security portal, has found a Cross-Site Scripting (XSS) vulnerability in the cisco.com Web site, according to an advisory. XSS vulnerabilities are at their most serious when user logins are involved.
[December 20, 2002, 9:17]
TechNet Webcast: How Microsoft Online Services Defends Against Cross-Site Scripting Vulnerabilities (Level 300)
White Papers Cross-Site Scripting (XSS) vulnerabilities are a serious threat to providing Microsoft Online Services customers with a trustworthy computing experience. This webcast explains how inconsistently or poorly integrated validated output can cause XSS...
[June 26, 2008, 1:01]
Protect your Web site from cross-site scripting attacks
White Papers Cross-site scripting (XSS) attacks, a method by which attackers embed HTML scripts either in Web postings (stored XSS) or input fields on a Web site (reflected XSS), are gaining popularity, most likely due to the relative ease with which they can...
[May 18, 2006, 1:00]
The Anatomy of Cross Site Scripting
White Papers Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal. Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full...
[February 21, 2005, 23:00]
Application-Level Attacks: Phishing and Session Hijacking (Level 300)
White Papers This webcast will provide in-depth demonstrations of a variety of Web application hacking techniques such as SQL Injection and Cross Site Scripting (XSS) and show how to identify whether an application is vulnerable to these types of attacks.
[February 11, 2005, 23:00]
Gmail cookie vulnerability exposes user's privacy
News According to Gatford, attackers could compromise a Gmail account — using a cross-site scripting [XSS] vulnerability — if the victim is logged in and clicks on a malicious link. In the last year or so, [XSS vulnerabilities] have been used by...
[September 27, 2007, 8:12]
Acrobat flaw opens door to attack
News This vulnerability makes it possible for cross-site-scripting (XSS) attacks to occur, to steal cookies, session information, or possibly create a XSS worm," he said. XSS attacks put online accounts at risk of hijack and feed information-thieving...
[January 4, 2007, 7:29]
Firefox vulnerable to Password Manager flaw
News As the page did not exhibit any signs of external content, such as cross-site scripting (XSS) or open redirects, it is "convincing, and even security-conscious users are at risk of becoming victims," said CIS.
[November 22, 2006, 13:26]
Browser flaws biggest software security risk
Talkback There ARE many XSS exploits on high profile sites as this article shows. http://www.darkreading.com/document.asp?doc_id=104313 It's just that us good guys are disclosing them. The problem isn't that there are many of them, but that they can be...
[September 22, 2006, 17:44]
Italian develops first multi-site web-mail worm
News An Italian security researcher this week has developed the first web-based email worm capable of taking advantage of cross site scripting (XSS) vulnerabilities in multiple web-mail services. Also other popular providers (for example Gmail, Yahoo...
[July 13, 2007, 9:31]
Google develops web app security tool
News It then iteratively supplies fault strings designed to expose XSS and other vulnerabilities to each input, and analyses the resulting responses for evidence of such vulnerabilities. XSS attacks generally work by injecting code into web applications...
[July 19, 2007, 12:46]
Businesses warned over Web 2.0 security
News Cross-site scripting (XSS) involves injecting malicious code into pages served by other domains. An attacker can gain access privileges to sensitive page content and session cookies by exploiting XSS vulnerabilities.
[March 26, 2007, 16:37]
CyD Network Utilities
Downloads The main module is a Security tester that allows you to test a Web server or Web site for SQL Injection errors, include errors, and XSS injection. CyD Network Utilities is a set of network tools useful in diagnosing networks and monitoring your...
[October 12, 2009, 8:21]
Acunetix Web Vulnerability Scanner
Downloads Acunetix WVS automatically checks your web applications for SQL Injection, XSS and other web vulnerabilities. Audit your website security with Acunetix Web Vulnerability Scanner. Hackers are concentrating their efforts on attacking applications in your...
[December 17, 2008, 7:54]
MoD site carried cross-site scripting flaw
News Bukowski posted proof-of-concept code, plus a screenshot of the MoD website following code insertion, which had altered the site to read 'XSS by Team Elite', and a message to Bukowski from the MoD site administrator saying the department would...
[August 11, 2009, 15:33]
Mozilla updates fix critical Firefox flaws
News Titled 'Privilege escalation using feed preview page and XSS flaw'. On Wednesday, Mozilla released Firefox 2.0.017 and Firefox 3.0.2, updated versions of its browser, to address numerous security vulnerabilities.
[September 25, 2008, 10:39]
JavaScript plus AJAX equals trouble review
Reviews Most often, XSS attacks lead to cookie theft, keylogging, screen scraping and even malicious requests. Cross-site scripting (XSS), which has been around for years, injects script (either JavaScript or VBScript) into a user's browser.
[August 21, 2006, 15:00]



