
PayPal mobile SSL site XSSed

Written by DP

Monday, 27 September 2010

Two days after the report of the PayPal Sandbox XSS which was finally corrected within a very short time, "d3v1l" from Security-Sh3ll has notified us about a new XSS affecting the PayPal mobile SSL site...


PayPal Sandbox SSL site vulnerable to cross-site scripting

Written by DP

Saturday, 25 September 2010

Security researcher "Nemessis" from Romanian teams Hackersblog and RSTcenter has discovered a critical XSS vulnerability affecting PayPal Sandbox. The PayPal Sandbox is a self-contained testing environment within which users can prototype and test PayPal features and APIs. The environment is a duplicate of the live PayPal site, except that no real money changes hands...


Chinese Sohu webmail users were susceptible to XSS attacks

Written by DP

Saturday, 25 September 2010

The webmail service of the NASDAQ-listed company Inc. suffered from a serious cross-site scripting vulnerability (corrected yesterday). currently ranks 46th overall in Alexa and is one of the largest Chinese search engine companies which also offers advertising, online multiplayer gaming and other services.


Twitter developer platform search field vulnerable to XSS

Written by DP

Monday, 6 September 2010

A non-persistent Twitter XSS was submitted by "cbr" on July 29, 2010 and has not been corrected since then. During the summer period, another three possible XSS attacks on Twitter have been reported...


Critical Facebook XSS bugs could be used to hijack accounts

Written by DP

Friday, 3 September 2010

We suggest that you read a late July 2010 post by Robert Abela from Acunetix, regarding a discovered XSS on Facebook which could lead to account hijacks. During the same period, another critical Facebook XSS also came to light... It was submitted to our archive by a web security researcher nicknamed "AKABEY" and still appears to be working...


Just another persistent Twitter XSS

Written by DP

Monday, 19 July 2010

*UPDATED 20 Jul 2010 : 10:39pm* - A mirror of the now corrected vulnerability has been published. Also, read an excellent technical blog post by Billy (BK) Rios about another Twitter XSS bug... Romanian security researcher "d3v1l" from Security-Sh3ll has notified us just a few minutes ago about a persistent XSS that he discovered on Twitter's help center...

