Bugtraq mailing list archives
Cross Site Scripting. Many Sites Vulnerable.
From: InterWN Labs <interwn () interwn nl>
Date: 21 Apr 2002 04:07:05 -0000

Hello all.

I think it's been made very clear that cross site scripting is a problem to most of us that read bugtraq, but it seems that many high profile companies, even tech ones, have forgotten that it can be a serious issue. I have posted a .txt file on my website that simply shows many example links to vulnerable sites that allow JavaScript execution.

A small list of the sites: Midway, Corel, NYTimes.com, AOL, Real Networks, Cisco, IBM, Oracle, Akamai, FedEx, FoxNews, Lycos.com (angelfire and tripod), Geocities, Netcraft, and Sourceforge. www.whitehouse.gov and www.nipc.gov are included in the list.

A brief paper will be written soon outlining CSS vulns and how to spot and fix them. Hope this is useful.

The list can be found at:
www.interwn.nl/release/cssvulns.txt

philer
www.interwn.nl