A Web security researcher has disclosed cross-site scripting weaknesses in the two most popular Facebook applications. He claims to have found similar flaws affecting other apps as well, including an SQL injection vulnerability in a Facebook-verified one. The self-confessed white hat hacker goes by the online handle o... |
3 September 2009 05:53 GMT |
 |
After a critical Twitter cross-site scripting vulnerability was recently discovered and reported on, the website's security team rushed to address it. Subsequent scrutiny of the patch exposed it as being a seriously inadequate fix that can be circumvented with ease to continue injecting malicious code into tweet... |
27 August 2009 03:56 GMT |
 |
A blogger trying to bypass Twitter's new nofollow policy for oauth client application links stumbled upon a massive persistent cross-site scripting (XSS) vulnerability, which allowed him to insert potentially malicious JavaScript code into a tweet. The vulnerability could have been leveraged to steal session coo... |
26 August 2009 04:46 GMT |
 |
Security engineers from Mozilla want to tackle cross-site scripting attacks with a new technology they call the Content Security Policy (CSP). This new specification would allow websites to set directives that enforce certain restrictions over what content the CSP-aware browsers trust. Cross-site scripting, also kno... |
24 June 2009 07:50 GMT |
 |
A grey-hat hacker going by the online handle of Vektor has disclosed several cross-site scripting vulnerabilities in several pages of the IFPI website. According to the report, Sage Pay, the payment service provider used by the IFPI and many other websites, is actually responsible for some of the flaws. Vektor is a ... |
18 May 2009 06:10 GMT |
 |
A hacker has disclosed several XSS flaws on free-av.com, online home to the free version of Avira AntiVir. The vulnerabilities, which could have been used for redirection or hijacking session cookies, have been patched by the antivirus vendor. The bugs in the Avira-controlled website were discovered by a hacker go... |
25 February 2009 06:56 GMT |
 |
Kaspersky Labs' website security comes under scrutiny again by vulnerability hunters, after a SQL injection vulnerability was recently found. An ethical hacker has disclosed that three different pages from the German section of the Kaspersky website are vulnerable to cross-site scripting attacks. A hacker ... |
23 February 2009 05:28 GMT |
 |
A new cross-site scripting vulnerability affecting the Facebook social networking website has been disclosed on the XSSed project's website. The flaw allows for injection of potentially malicious code. The XSSed project tracks XSS vulnerabilities and its archive contains over 30,000 such documented flaws affe... |
5 January 2009 10:08 GMT |
 |
Security researcher Russ McRee published on his blog details about a critical unpatched cross-site scripting vulnerability affecting the American Express website. He claims that he resorted to this after failing for two weeks to convince the company to fix it, despite significant efforts. According to Mr. McRee, he ... |
17 December 2008 09:15 GMT |
 |
The XSSed project made public four different cross-site scripting vulnerabilities discovered by individual security researchers. The flaws affect the developers, applications, user registration, and iPhone login pages. The XSSed project is an important source of information regarding cross-site scripting (XSS) attac... |
16 December 2008 06:42 GMT |
 |
|