XSS worm hits Orkut

Written by Kevin Fernandez

Thursday, 20 December 2007

Yesterday, an XSS worm hit Orkut - the famous social networking website, owned by Google. According to some reports, it seems that the permanent XSS (Script Insertion) was found in the HTML messages feature of the "Scrapbook" page, which allows members to leave messages on someone else's profile.



YouTube XSS celebrates one month of age

Written by Dimitris Pagkalos

Thursday, 6 December 2007

YouTube is currently number 4 among the most visited websites on the planet according to Alexa. With more than 100 million video views every day, visitors are at great risk due to a serious cross-site scripting vulnerability, from which YouTube has been suffering for a month already.



New design, new sections!

Written by Kevin Fernandez and Dimitris Pagkalos

Friday, 30 November 2007

As you noticed, we now have a fresh new design, and we really hope you appreciate this new version! And this is not the only improvement; the long-awaited early warning mailing list is now open, so feel free to subscribe to it if you want to receive XSS alerts affecting your web sites!



XSSed.net is again mistakenly listed as a phishing website

Written by Dimitris Pagkalos and Kevin Fernandez

Wednesday, 14 November 2007

You have probably noticed that the mirrors of all archived XSS vulnerable websites do not show up. This is due to some people who submitted and validated the domain to online anti-phishing services. Validation comes from researching something and possessing proof that is accurate and adequate. It will be very boring for us if every time a new anti-phishing service comes up, it marks our site as phishing and blocks our domain.



Funny incident regarding Prevx.com XSS vulnerability

Written by Dimitris Pagkalos and Kevin Fernandez

Tuesday, 6 November 2007

Prevx has this slogan: "We detect the threats that others miss". They state on their blog that they received an unsolicited e-mail from us "raising the possibility that a querystring parameter could be exploited to launch a malicious script by the caller to the download page."



PayPal is now offering a free URL redirection service

Written by Dimitris Pagkalos

Sunday, 4 November 2007

Nemessis has discovered a new XSS/URL redirect vulnerability on PayPal.com. You can simply choose your preferred landing URL. This service is revolutionary as there is no need to register on the site. Anyone can use it for free.


