Advertisements

Persistent XSS bug discovered on eBay

Written by DP

Wednesday, 6 October 2010

Security researcher "Side3ffects" has contacted us regarding a critical persistent XSS that he discovered on eBay... One of the possible exploitation scenarios is malicious people stealing cleartext credentials from registered users by injecting an iframe tag that retrieves another rogue eBay login page from a remote server...   


read more...

More American Express sites vulnerable to XSS and open redirects

Written by DP

Tuesday, 5 October 2010

Three more critical vulnerabilties have been reported for AmericanExpress.com... The other XSS is still pending a fix...


read more...

Cross-site scripting hole in American Express site using EV SSL

Written by DP

Monday, 4 October 2010

Security researcher "SeeMe" who discovered the persistent Amazon XSS vulnerability, has also reported a cross-site scripting bug on americanexpress.com that would allow fraudsters to carry out phishing attacks, targeted to American Express credit/debit card owners...


read more...

Amazon hit by persistent XSS vulnerability

Written by DP

Monday, 4 October 2010

A security researcher who goes by the nickname "SeeMe" has reported a critical persistent cross-site scripting vulnerability affecting the America's largest online retailer Amazon.com...


read more...

MasterCard and Visa sites bitten by XSS bugs

Written by DP

Friday, 1 October 2010

XSS bugs on the websites of the world's largest payment/credit-card proccessors are unacceptable.Most of the world's financial institutions issue a Visa or a MasterCard to consumers. Even if their vulnerable sites do not hold real personal or financial information about consumers, malicious people can still leverage the XSS bugs with phishing techniques to trick millions of unwitting people into sharing sensitive information...


read more...

Twitter and Orkut XSS worms in the news

Written by DP

Monday, 27 September 2010

I know it is a little late to mention these XSS worms, but they made numerous headlines last week... Twitter "OnMouseOver" XSS worm in the news. Jean-Pierre Vincent aka "braincracking" is a french web security researcher who submitted the "OneMouseOver" Twitter XSS to the archive. His exploit simply redirects to a non-existing URL for demonstration purposes.Twitter has been XSSed many times in the past and most of the XSS attacks occured during last summer...  


read more...

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 

 

45884 total xss
14724 special xss
3026 fixed
5328 xss onhold
2933 EW subscribers

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.