Advertisements

17-year-old promoted his website on Twitter with harmless XSS worm

Written by DP

Wednesday, 15 April 2009

Curt Monash on Slashdot wrote: "Twitter was hit Saturday by a worm that caused victims' accounts to tweet favorably about the StalkDaily website. Infection occurred when one went to the profile page of a compromised account, and was largely spread by the kind of follower spam more commonly used by multi-level marketers.


read more...

Critical XSS and directory traversal flaws on Ebay.co.uk website

Written by DP

Friday, 3 April 2009

A security researcher who goes by the nickname "methodman", today reported a few critical security vulnerabilities affecting Ebay.co.uk. Earlier, he alerted Ebay staff about the issue, but didn't get any response...


read more...

Critical Memova-based webmail vulnerability put at risk more than 40 million webmail accounts

Written by DP

Sunday, 29 March 2009

Independent security researchers Rosario Valotta and Matteo Carli have discovered a critical security vulnerability impacting all worldwide webmail applications based on the Memova framework (developed by Critical Path ).


read more...

New critical XSS on Facebook fixed in record time due to ethical disclosure

Written by Pierre Gardenat and DP

Wednesday, 25 February 2009

Security researcher Pierre Gardenat is preparing a paper for the SSTIC 09 (http://www.sstic.org/SSTIC09/info.do - Rennes 3,4 and 5th June 2009) on the evolution of XSS threats; since wide social networks like Facebook can become powerful attack vectors, it was interesting to see if some of these networks were vulnerable to permanent XSS attacks, which would make XSS worm spreading possible.


read more...

Google Sites Reflective Cross-Site Scripting

Written by KF

Friday, 30 January 2009

Get it while it's hot! Pierre Gardenat submitted a very interesting reflective cross-site scripting vulnerability affecting the login page of Google Sites.


read more...

Myspace.com hit by a Permanent XSS

Written by KF

Wednesday, 28 January 2009

Daniel Lo Nigro has discovered a trick to bypass the Myspace filters and insert a script on a Myspace band profile.


read more...

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 

 

45884 total xss
14724 special xss
3026 fixed
5328 xss onhold
2933 EW subscribers

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.