Advertisements

A new and working PayPal XSS

Written by DP

Saturday, 27 October 2007

A new critical PayPal XSS was submitted to our archive by Fugitif. It can be exploited by malicious people to conduct phishing attacks. This cross-site scripting issue might be leveraged by an attacker to steal cookie based authentication credentials.


read more...

A new critical Google XSS vulnerability promptly corrected

Written by DP

Thursday, 27 September 2007

Check out the new Google XSS vulnerability that beford discovered. Actually are exploits which allow attackers to steal information from Gmail accounts. These exploits have been successfully tested under all major browsers. Those of  you who use Firefox + NoScript plugin were fully protected against such kind of attacks.


read more...

Google Search Appliance is vulnerable to XSS

Written by DP

Saturday, 22 September 2007

MustLive from websecurity.com.ua, has disclosed a cross-site scripting vulnerability in the very expensive Google Search Appliance solution for enterprises. Many high-profiled websites which use this product are currently vulnerable.


read more...

XSS vulnerability in iGoogle/Gmodules when calling external widgets

Written by DP and KF

Monday, 20 August 2007

x2Fusion sent to me an interesting e-mail describing how is possible to XSS an iGoogle personalized homepage via the widgets. iGoogle is using frames to open Gmodules, which calls third party widgets. While this prevents cookie stealing, can still be used to launch phishing attacks against the iGoogle users, or directly via gmodules.com, by calling a malicious widget, which will be executed in the context of the gmodules domain.


read more...

White paper on Facebook XSS

Written by DP

Saturday, 4 August 2007

Adrienne Felt is a student of University of Virginia's School of Engineering, double majoring in computer science (B.S.) and mathematics. She is "currently examining the Facebook  Platform as a case study on the security of mashups", and recently discovered a serious XSS vulnerability affecting the popular social networking website.


read more...

Nduja Connection: A cross webmail worm (XWW)

Written by DP

Friday, 13 July 2007

Recently we were contacted by Rosario Valotta who shared his latest research paper and a proof of concept of what he defines to be a cross webmail worm (XWW). Rosario implemented the worm in order to demonstrate its significant negative impact that could have on unaware users of famous webmail providers which are vulnerable to XSS. He named the worm "Nduja connection".


read more...

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 

 

45884 total xss
14724 special xss
3026 fixed
5039 xss onhold
2791 EW subscribers

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.