Friday, 30 November 2007

As you noticed, we now have a fresh new design, we really hope you appreciate this new version! And this is not the only improvement; the long awaited early warning mailing list is now opened, feel free to subscribe to it if you want to receive XSS alerts affecting your web sites!

Wednesday, 14 November 2007

You have probably noticed that the mirrors of all archived XSS vulnerable websites do not show up. This is due to some people who submitted and validated the domain to online anti-phishing services. Validation comes from researching something and possessing proofs that is accurate and adequate. It will be very boring for us if every time a new anti-phishing service comes up, marks our site as phishing and blocks our domain.

Tuesday, 6 November 2007

Prevx has this slogan: "We detect the threats that others miss". They state on their blog that received an unsolicited e-mail from us "raising the possibility that a querystring parameter could be exploited to launch a malicious script by the caller to the download page."

Sunday, 4 November 2007

Nemessis has discovered a new XSS/URL redirect vulnerability on PayPal.com. You can simply choose your preferable landing URL. This service is revolutionary as there is no need to register on the site. Anyone can use it for free.

Thursday, 1 November 2007

Good month to everyone! A cross-site scripting vulnerability affecting PayPal's Payflow payment gateway, was discovered by Nemessis just two days after another PayPal XSS was fixed.

Saturday, 27 October 2007

A new critical PayPal XSS was submitted to our archive by Fugitif. It can be exploited by malicious people to conduct phishing attacks. This cross-site scripting issue might be leveraged by an attacker to steal cookie based authentication credentials.

1 2 3 4 5 6 7 8 9 10 11 12 13