30
Stories about: XSS weakness |
Researchers from a French security consultancy company called Wargan Solutions have discovered three cross-site request forgery (CSRF) and two cross-site scripting (XSS) vulnerabilities on Facebook and used them to build two proof-of-concept information stealing worms. CSRF vulnerabilities can be exploited by forcin... |
5 October 2010 03:01 GMT |
 |
A cross-site scripting (XSS) vulnerability, which could be used to enhance phishing and other attacks, has been identified on the usa.visa.com website. The weakness was reported yesterday to the XSSed Project by a security researcher, who goes by the online handle of d3v1l. D3v1l's track record involves finding si... |
20 September 2010 07:44 GMT |
 |
A Romanian security researcher has discovered multiple cross-site scripting (XSS) weaknesses in several localized MSN websites, which allow for session cookie hijacking and IFrame injection. The bugs were discovered on various websites hosted in sub-sections on ca.msn.com, fr.msn.com, be.msn.com and fi.msn.com. Cross-s... |
19 August 2010 16:22 GMT |
 |
RBS WorldPay is currently banging heads with a grey hat hacker over the seriousness of SQL injection vulnerabilities that he discovered on its websites. Meanwhile, another web developer exposed a cross-site scripting weakness in a site belonging to the company in order to prove that its efforts to mitigate XSS are no... |
12 September 2009 04:26 GMT |
 |
Self-confessed ethical hacking outfit Team Elite has recently reported cross-site scripting (XSS) weaknesses in not one, but four different Visa websites. All of the vulnerabilities allowed attackers to prompt arbitrary JavaScript alerts. The XSS vulnerabilities were reported by a grey-hat hacker calling himself Met... |
27 May 2009 08:17 GMT |
 |
A cross-site scripting vulnerability discovered in the website of RBS WorldPay allows attackers to launch efficient phishing attacks against customers. The same flaw can also be exploited to serve malware or prompt rogue alerts. The XSS weakness has been discovered and documented by a Team Elite member, going by the... |
23 May 2009 06:22 GMT |
 |
Cross-site scripting weaknesses have been discovered in two websites belonging to the Bank of America and U.S. Bank. The flaws facilitate potential phishing attacks, because they allow attackers to inject IFrames, hijack sessions, or prompt arbitrary alerts. Cross-site scripting, more commonly known as XSS, is a cla... |
21 May 2009 04:16 GMT |
 |
Dangerous cross-site scripting vulnerabilities have been discovered in several PayPal websites, potentially facilitating phishing and other attacks. One of the proof-of-concept attacks demonstrates how an arbitrary IFrame can be injected into the PayPal merchant account registration form, over SSL. The vulnerabiliti... |
13 May 2009 06:11 GMT |
 |
A self-confessed web security researcher going by the online handle "Inferno" has published details of a serious XSS vulnerability in Google's Support Python Script, which could have facilitated a wide variety of attacks, including session hijacking. Because of the widespread use of the vulnerable script on Goo... |
13 May 2009 04:18 GMT |
 |
Websites belonging to no less than six antivirus vendors have been found to suffer from cross-site scripting weaknesses that could facilitate phishing attacks. Most of these companies were faced with similar flaws affecting their online resources in the past. A grey-hat hacker, going by the name of Methodman, who se... |
11 May 2009 06:26 GMT |
 |
A self-confessed white-hat hacker has published proof-of-concept attacks against websites connected to global IT security vendor McAfee. XSS vulnerabilities allow for an IFrame injection and rogue redirection. Methodman, a member of the Team Elite programming outfit, has published screenshots of the flaws he found i... |
4 May 2009 05:54 GMT |
 |
A white-hat hacker going by the nickname of Vektor has located several cross-site scripting vulnerabilities in the website of the Motion Picture Association of America (MPAA). In order to prove the existence of the flaws in a humorous manner, he decided to inject a "Thank you" page with a rogue IFrame, which loads th... |
4 May 2009 04:35 GMT |
 |
Websites belonging to Symantec and Kaspersky Labs, two of the biggest global providers of security solutions, have been found to be vulnerable to cross-site scripting attacks. Ill-intentioned individuals could have exploited the flaws to steal authentication cookies or inject rogue IFrames and other potentially malicious ... |
16 April 2009 07:08 GMT |
 |
Late on Saturday and Monday, the increasingly popular micro-blogging platform Twitter faced the e-wrath of Mikeyy again. A new worm released by the teenager affected its users, who unwillingly began to post new rogue messages on their profiles. During this past weekend, the Twitter staff fought a cat-and-mouse game ... |
14 April 2009 06:39 GMT |
 |
Several sustained attacks against Twitter users have created quite a stir on the micro-blogging platform, over the weekend. The incidents caused logged-in Twitters who were visiting compromised profiles to automatically propagate the worm by posting unauthorized messages. The first attacks hit during the early hours... |
13 April 2009 08:14 GMT |
 |
A self-proclaimed ethical hacker has disclosed multiple bugs affecting the eBay UK website. On their own, or combined, these flaws can facilitate different attacks such as phishing, session cookie hijacking or expose secure information. Screenshots of several proof-of-concept attacks against ebay.co.uk have been pub... |
4 April 2009 04:38 GMT |
 |
Two security researchers have discovered a serious XSS weakness affecting the popular micro-blogging platform Twitter. By clicking on a hidden, maliciously crafted link, users can be forced to post messages without their knowledge. Lance James and Eric Wastl, security researchers for Secure Sciences Corporation, hav... |
20 March 2009 07:33 GMT |
 |
In keeping with a recent trend of vulnerability disclosures affecting the websites of antivirus vendors, AVG Technologies has just joined the list with an active XSS flaw that can be used to insert content in a page on its website. The cross site scripting flaw was discovered by a user going by the handle of "CrueLC... |
11 March 2009 05:02 GMT |
 |
A cross-site scripting flaw affecting the Intel Product Security Center website has been disclosed. Successful exploitation allows for rogue iframe injection, arbitrary redirection and session cookie hijacking. The Intel Security Center is home to advisories regarding security issues that affect Intel products. "Int... |
28 February 2009 05:01 GMT |
 |