ZDNet Dictionary Definition
- XSS
- (CROSS-Site Scripting) Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a...
ZDNet Resources
- Google fixes critical XSS vulnerability
- All your accounting data are not belong to us. Hours after a proof of concept example detailing a XSS vulnerability at Google's account login page was posted at the XSS Project's clearing house, the company quickly took notice and fixed it. "Security researcher "Xylitol" is...
- Tags: Google Inc., Vulnerability, XSS, XSSed, Security, Dancho Danchev
- Blog posts 2008-11-12
- HotJobs site flaw leads to Yahoo account theft
- See update below for statement from Yahoo. Malicious hackers are exploiting a cross-site scripting flaw on Yahoo's HotJobs site to phish for Yahoo credentials, according to a warning from Netcraft. In the ongoing attack, Netcraft discovered that the vulnerability allows the attacker...
- Tags: Attacker, Flaw, Yahoo! Inc., XSS, Authentication, HotJobs, Netcraft, Security, Ryan Naraine
- Blog posts 2008-10-27
- The open source opportunity in web advertising
- Changes in IE8 and pre-beta comments about IE9 suggest that the day is coming when pages assembled from multiple sources will always be considered untrusted and some of the content automatically removed. This poses a big problem for web advertisers and content assemblers - a problem that spells an...
- Tags: Web, Web Advertising, Advertisement, Open Source, XSS, Advertiser, Phishing, Microsoft Windows, Cyberthreats, Security, Spam And Phishing, Operating Systems, Software, Paul Murphy
- Blog posts 2008-10-02
- Exploit code published for Apache Tomcat flaw
- The United States Computer Emergency Response Team (US-CERT) has raised an alarm for a serious vulnerability in Apache Tomcat, warning that a proof-of-concept exploit is publicly available. The code, posted to Milw0rm.com, exploits a directory traversal vulnerability in the way Apache Tomcat handles malformed requests. ...
- Tags: HTTP, XSS, Apache Software Foundation, Exploit Code, Apache Tomcat, Flaw, Open Source, Application Servers, Middleware, Enterprise Software, Software, Ryan Naraine
- Blog posts 2008-08-21
- 2008 Pwnie Award nominees announced
- Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on. From the site: The final list of nominees for the nine Pwnie Award categories is ...
- Tags: Nominee, Vulnerability, XSS, Attack, Flaw, Dan, XSS Flaw, Lifelock, Security, Nathan McFeters
- Blog posts 2008-07-21
- Ounce Labs finds 2 security vulnerabilities in Spring framework
- Code inspector Ounce Labs has identified two vulnerabilities in the open source Spring framework that expose their enterprise applications to would-be hackers and hijackers. The two issues, ModelView Injection and Data Submission to Non-Editable Fields, affect only the MVC module of the Spring framework, which is used to...
- Tags: Vulnerability, XSS, Framework, Ounce Labs, Spring, Security, Operational Planning, Databases, Business Operations, Enterprise Software, Software, Data Management, Paula Rooney
- Blog posts 2008-07-16
- XSS worm at Justin.tv infects 2,525 profiles
- The virus is impossible to find: I see that they needed a proof of concept argument to have it studied then fixed. All computer problems stem from virus. Re: The virus is impossible to find: XSS worms propagate using a site-specific vulnerability to do so. Fixing the vulnerability...
- Tags: Cyberthreats, Viruses and worms, SECURITY, XSS worm, XSS, worm, PoC
- Discussion threads 2008-07-14
- XSS worm at Justin.tv infects 2,525 profiles
- A XSS worm was crawling across Justin.tv, the popular lifecasting platform at the end of June, details of the incident emerged in the middle of last week. Basically, the group that found the XSS vulnerability abused it for the purpose of generating the following graph as a proof of concept,...
- Tags: Vulnerability, XSS, Worm, Security, Dancho Danchev
- Blog posts 2008-07-14
- NoScript vs. Internet Explorer 8 Filters
- NoScript plugin writer Giorgio Maone posted a commentary on IE 8's new filters, drawing comparisons to his own widely popular NoScript Firefox plugin. Maone writes: I'm happy to learn that IE8 is going to implement a less ambitious version of a feature which NoScript users have enjoyed for more than one...
- Tags: Mozilla Firefox, XSS, Microsoft Internet Explorer, Attack, Maone, Nathan McFeters
- Blog posts 2008-07-03
- Multiple Facebook vulnerabilities reported on Full-Disclosure
- Jouko Pynnonen posted a message to the Full-Disclosure mailing list today, citing multiple "script injection" vulnerabilities within Facebook. I'm not sure if this is a surprise to anybody out there, it's certainly not to me, as numerous web applications have major problems with Cross-site Scripting vulnerabilities, but I think this...
- Tags: Facebook, Vulnerability, XSS, JavaScript, Microsoft Internet Explorer, Web Browser, Sandbox, JS, Canvas Page, Web Browsers, Internet, Nathan McFeters
- Blog posts 2008-07-02
- Firefox 2 dirty dozen: Critical vulnerabilities patched
- Mozilla has shipped a high-priority update for Firefox 2, warning that there are at least five serious vulnerabilities that could lead to code execution attacks. With Firefox 2.0.0.15, Mozilla fixes at least 12 documented vulnerabilities -- five rated critical -- that could put users at risk...
- Tags: Mozilla Firefox 3.0, Mozilla Firefox, Critical Vulnerability, XSS, Mozilla Firefox 2.0, MFSA, Web Browsers, Internet, Ryan Naraine
- Blog posts 2008-07-02
- Anti-malware blocker, cross-site scripting protections coming in IE 8
- Once again......late to the game. The "alternate" browsers have had these for a while. Competition breeds improvement, apparently. ;) It will still suck: Being a MS product, it will still suck. RE: Anti-malware blocker, cross-site scripting protections coming in IE 8: Why would...
- Tags: Web browsers, cross-site scripting protection, Anti-malware blocker, Anti-Malware, IE 8, blocker, XSS, Microsoft Internet Explorer
- Discussion threads 2008-07-02
- PCI-DSS 1.1 points to outdated OWASP Top 10
- OK, I'm not going to freak out about this too bad... I've already pointed out enough problems with PCI, but I did find it morbidly entertaining. My good friend Jeremiah Grossman (pictured at right) blogged today about the PCI-DSS 1.1 section 6.5, which covers "prevention of common coding vulnerabilities in...
- Tags: XSS, PCI, Security, Storage, Hardware, Nathan McFeters
- Blog posts 2008-07-02
- Anti-malware blocker, cross-site scripting protections coming in IE 8
- When Microsoft's Internet Explorer 8 hits the Beta 2 milestone in August, the browser makeover will feature a full-fledged anti-malware blocker and new protections against some forms of cross-site scripting attacks. The existing phishing filter in IE 7 has been renamed SmartScreen Filter and will include blacklist-based blocking...
- Tags: XSS, Microsoft Internet Explorer, SmartScreen Filter, Web Browsers, Internet, Ryan Naraine
- Blog posts 2008-07-02
- HSBC sites vulnerable to XSS flaws, could aid phishing attacks
- How many users understand or care.... Your article raises a number of good points. But the best advice for not getting phished is to bookmark a secure page on the bank's website and use ONLY that bookmark to access your account....
- Tags: Cyberthreats, Spam, Financial services, Web site development, Channel management, Viruses and worms, bank, phishing, Web, HSBC, Web site, XSS
- Discussion threads 2008-06-30
- HSBC sites vulnerable to XSS flaws, could aid phishing attacks
- What would the perfect phishing attack be from a social engineering perspective? The one that compared to using typosquatted domains impersonating the bank's web application directory structure is in fact using the bank's legitimate domain names as redirectors due to XSS flaws within. It's even more interesting to measure the average...
- Tags: Bank, Vulnerability, XSS, Flaw, Phishing, Cyberthreats, Financial Services, Security, Viruses And Worms, Spam And Phishing, Dancho Danchev
- Blog posts 2008-06-29
- Internet Explorer 'feature' causing drive-by malware attacks
- My colleague at Kaspersky Lab Roel Schouwenberg (see disclosure) has discovered a drive-by malware download taking advantage of what Microsoft describes as an Internet Explorer "feature" to launch cross-site scripting attacks. The attack, discovered at a compromised legitimate site, is using a modified GIF file to exploit...
- Tags: GIF, XSS, Malware, Microsoft Internet Explorer, Microsoft Corp., Attack, Schouwenberg, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Ryan Naraine
- Blog posts 2008-06-27
- Yahoo swats serious cross-site scripting bug
- Web application security firm Cenzic has flagged a serious cross-site scripting vulnerability affecting millions of Yahoo Mail users. The flaw, which was patched by Yahoo on June 13, opened the door for hackers to steal Yahoo identities and gain access to users' sensitive and private information. ...
- Tags: Attacker, Yahoo! Inc., XSS, E-mail Providers, Security, Internet, Ryan Naraine
- Blog posts 2008-06-25
- Facebook vulnerable to critical XSS, could lead to malware attacks
- Computer science at Cal Tech should be able to fix it: Let's use our country's high minds to solve these problems that the software writers, manufacturers and Government can't. What I think: that you, Danchev, and others are completely misfocused adolescents, to distribute this sort...
- Tags: SECURITY, malware, XSS, vulnerability, flaw, Facebook
- Discussion threads 2008-05-23
- Facebook vulnerable to critical XSS, could lead to malware attacks
- Facebook, the second most popular social networking site in the U.S. according to Nielsen, is currently vulnerable to a critical XSS, allowing the injection and execution of malicious scripts within the popular site. As you can see in the attached screenshot, the harmless injected scripts in the demonstration successfully load,...
- Tags: Facebook, XSS, Malware, Attack, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Dancho Danchev
- Blog posts 2008-05-23