Exploitation of Self-Only Cross-Site Scripting in Google Code

Written by Amol Naik, Security Practice - Persistent Systems Ltd.

Friday, 1 April 2011

Amol Naik has discovered and successfully exploited a cross-site scripting bug that initially seemed unexploitable. In this paper, Amol describes in detail the exploitation steps.


The Beginners Guide to XSS

Written by MaXe, InterN0T

Friday, 1 April 2011

A beginners guide to cross-site scripting (XSS) vulnerabilities with examples, authored by Offensive Security Certified Expert MaXe, founder of the famous Intern0t underground security training community.


Blog: Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems

Written by Jad S. Boutros, Google Security Team

Wednesday, 2 June 2010

An interesting blog post by Google's Online Security Team, ntroducing Automatic Context-Aware Escaping (Auto-Escape for short), a functionality the team added to two Google-developed general purpose template systems to better protect against Cross-Site Scripting (XSS).


Browser Hijacking Techniques 2009

Written by p3lo

Sunday, 3 May 2009

An interesting paper by p3lo concerning the new XSS vectors, javascript malware obfuscation , url cache poisoning, packing, frame jacking techniques etc..  

read more... permanent XSS vulnerability

Written by Pedro Laguna

Thursday, 16 April 2009

An interesting article about an xss vulnerability in a theme that was installed on


How to write a XSS (cross site scripting) worm for McCodes sites

Written by PaPPy

Monday, 19 January 2009

How to write a XSS (cross site scripting) worm for McCodes sites


2 3 4 5 


45884 total xss
14724 special xss
3026 fixed
5328 xss onhold
2932 EW subscribers

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.