Exploitation of Self-Only Cross-Site Scripting in Google Code

Written by Amol Naik, Security Practice - Persistent Systems Ltd.

Friday, 1 April 2011

Amol Naik has discovered and successfully exploited a cross-site scripting bug that initially seemed unexploitable. In this paper, Amol describes in detail the exploitation steps.

The Beginners Guide to XSS

Written by MaXe, InterN0T

Friday, 1 April 2011

A beginners guide to cross-site scripting (XSS) vulnerabilities with examples, authored by Offensive Security Certified Expert MaXe, founder of the famous Intern0t underground security training community.

Blog: Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems

Written by Jad S. Boutros, Google Security Team

Wednesday, 2 June 2010

An interesting blog post by Google's Online Security Team, ntroducing Automatic Context-Aware Escaping (Auto-Escape for short), a functionality the team added to two Google-developed general purpose template systems to better protect against Cross-Site Scripting (XSS).

Browser Hijacking Techniques 2009

Written by p3lo

Sunday, 3 May 2009

An interesting paper by p3lo concerning the new XSS vectors, javascript malware obfuscation , url cache poisoning, packing, frame jacking techniques etc..

WordPress.com permanent XSS vulnerability

Written by Pedro Laguna

Thursday, 16 April 2009

An interesting article about an xss vulnerability in a theme that was installed on wordpress.com.

How to write a XSS (cross site scripting) worm for McCodes sites

Written by PaPPy

Monday, 19 January 2009

How to write a XSS (cross site scripting) worm for McCodes sites

1 2 3 4 5

45884 total xss 14724 special xss 3026 fixed 5328 xss onhold 2933 EW subscribers

Tweets about ""cross site scripting" OR from:xssedcom"