New section available: TOP XSS by Pagerank

Written by KF

Thursday, 26 April 2007

As you have probably noticed, a new section is now available on XSSed: the "TOP pagerank"  - or top traffic rank - which includes the list of the top 300 sites with XSS. We encourage everybody to find XSS or other vulnerabilities affecting the users of the top most visited web sites in order to secure them. This will prevent users from falling victims of XSS or phishing attacks.


Microsoft leaves an open door to phishers!

Written by Giovanni Delvecchio,

Wednesday, 11 April 2007

Cyber criminals often appeal to users' unawareness and good faith to design their attacks, and in spite of constant information made by journals, blogs, magazines and IT Security organizations, this phenomenon, and specially the number of victims, keeps growing. But what happens when a site considered as trusted, actually contains a “trap” for the user?


Cross-site framed?

Written by DP and KF

Tuesday, 27 March 2007

Have you heard of cross-site framing? The past few days I saw listed on our archive, several websites vulnerable to cross-site framing - listed as frame redirection. I will briefly describe a possible exploitation scenario, concluding with more emphasis on the negative impact that this type of vulnerability can have to the privacy of innocent individuals who are users of the affected websites.

read more... is vulnerable to another XSS

Written by DP

Monday, 26 March 2007

Brendandonhue from, notified us about a cross-site scripting vulnerability which he discovered on - the popular user driven social content website. Malicious people can exploit this vulnerability to compromise user accounts and perform cross-site request forgeries (CSRF) -  for example, when an attacker forces the victim to Digg his story.


Jikto: the JavaScript-based threat

Written by Roberto Preatoni,

Thursday, 22 March 2007

Do you know Jikto? It is a new tool written in JavaScript that could be used by cyber crooks on PCs of unknowing users to make them do illegal activities without directly commandeer the systems. According to Jikto creator Bill Hoffman, researcher at web security firm SPI Dynamics, this is going to drastically change the scope of evil things you can do with JavaScript.


IE7 users: beware of "Navigation Canceled" errors!

Written by KF

Thursday, 15 March 2007

Did you feel secure with your brand new Internet Explorer 7? Well, Aviv Raff published on his blog an interesting vulnerability affecting it: a cross-site scripting in the navcancl.htm local resource.


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 


45884 total xss
14724 special xss
3026 fixed
5328 xss onhold
2932 EW subscribers

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.