Google Patches XSS Security Flaw
News Google has patched a cross-site scripting (XSS) vulnerability in one of its web-hosting services. If left unpatched, the vulnerability could have allowed hackers to modify third-party Google documents and spreadsheets, and view mail subjects and...
[January 16, 2007, 14:32]
Browser Flaws Biggest Software Security Risk
News The most common software flaws are now cross-site scripting (XSS) vulnerabilities, according to US Government organisation Mitre. XSS flaws have accounted for 21.5 percent of the vulnerabilities found in 2006 so far according to Mitre statistics.
[September 15, 2006, 18:00]
Security Flaw Threatens Cisco Web Site
News Securiteam.com, an online security portal, have found a Cross-Site Scripting (XSS) vulnerability in the cisco.com Web site, according to an advisory. XSS vulnerabilities are at their most serious when user logins are involved.
[December 20, 2002, 9:17]
The Anatomy Of Cross Site Scripting
White Papers Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are still extremely lethal. Many documents discuss the actual insertion of HTML into a vulnerable script, but stop short of explaining the full...
[February 21, 2005, 23:00]
TechNet Webcast: How Microsoft Online Services Defends Against Cross-Site Scripting Vulnerabilities (Level 200)
White Papers Cross-Site Scripting (XSS) vulnerabilities are a serious threat to providing Microsoft Online Services customers with a trustworthy computing experience. This webcast explains how inconsistently or poorly integrated validated output can cause XSS...
[April 30, 2008, 0:00]
Application-Level Attacks: Phishing And Session Hijacking (Level 300)
White Papers This webcast will provide in-depth demonstrations of a variety of Web application hacking techniques such as SQL Injection and Cross Site Scripting (XSS) and show how to identify whether an application is vulnerable to these types of attacks.
[February 11, 2005, 23:00]
Gmail Cookie Vulnerability Exposes User's Privacy
News According to Gatford, attackers could compromise a Gmail account — using a cross-site scripting [XSS] vulnerability — if the victim is logged in and clicks on a malicious link. In the last year or so, [XSS vulnerabilities] have been used by...
[September 27, 2007, 8:12]
Acrobat Flaw Opens Door To Attack
News This vulnerability makes it possible for cross-site-scripting (XSS) attacks to occur, to steal cookies, session information, or possibly create a XSS worm," he said. XSS attacks put online accounts at risk of hijack and feed information-thieving...
[January 4, 2007, 7:29]
Firefox Vulnerable To Password Manager Flaw
News As the page did not exhibit any signs of external content, such as cross-site scripting (XSS) or open redirects, it is "convincing, and even security-conscious users are at risk of becoming victims," said CIS.
[November 22, 2006, 13:26]
Browser Flaws Biggest Software Security Risk
Talkback There ARE many XSS exploits on high profile sites as this article shows. http://www.darkreading.com/document.asp? doc_id=104313 It's just that us good guys are disclosing them. The problem isn't that there are many of them, but that they can be...
[September 22, 2006, 17:44]
Italian Develops First Multi-site Web-mail Worm
News An Italian security researcher this week has developed the first web-based email worm capable of taking advantage of cross site scripting (XSS) vulnerabilities in multiple web-mail services. Also other popular providers (for example Gmail, Yahoo...
[July 13, 2007, 9:31]
Google Develops Web App Security Tool
News It then iteratively supplies fault strings designed to expose XSS and other vulnerabilities to each input, and analyses the resulting responses for evidence of such vulnerabilities. XSS attacks generally work by injecting code into web applications...
[July 19, 2007, 12:46]
Businesses Warned Over Web 2.0 Security
News Cross-site scripting (XSS) involves injecting malicious code into pages served by other domains. An attacker can gain access privileges to sensitive page content and session cookies by exploiting XSS vulnerabilities.
[March 26, 2007, 16:37]
Is Your Web Site Vulnerable?
Blog Allegedly, 60% of Web application tests performed for UK organisations showed that their Web sites contained weak encryption or cross-site scripting (XSS) vulnerabilities. NTA Monitor recently released some statistics which are enough to put the...
[April 10, 2008, 12:03]
Firefox 3 Final Beta To Be Released In March
News A major security concern for browser developers is browser susceptibility to cross-site scripting attacks (XSS), where code that can exploit browser vulnerabilities is injected into web pages. Firefox 3 edges closer to release, with the fourth and...
[February 26, 2008, 14:20]
