Vulnerability Development mailing list archives
Re: Cross site scripting @verisign.com and @cybercash.com
From: zeno <bugtraq () cgisecurity net>
Date: Fri, 19 Apr 2002 14:34:31 -0400 (EDT)
http://www.cybercash.com/<script>alert('hi')</script> or http://www.verisign.com/ <http://www.cybercash.com/><script>alert('hi')</script> Not sure how big a deal this is... but seeing as how the name verisign is associated with "Security" I think it should be looked at. This didn't work from my Mozilla browser on linux but it did from IE on win2k... could be a browser detection method causing the varied results. -KF
Because of the popularity of XSS/CSS holes I have written a FAQ on the subject. Should be out in a week or so. If anyone has questions about cross site scripting throw me an email and I'll maybe add it to the faq. - zeno () cgisecurity com
Current thread:
- Re: Cross site scripting @verisign.com and @cybercash.com zeno (Apr 19)
- <Possible follow-ups>
- Cross site scripting @verisign.com and @cybercash.com KF (Apr 19)
- Re: Cross site scripting @verisign.com and @cybercash.com Tim Morgan (Apr 20)
- Re: Cross site scripting @verisign.com and @cybercash.com kristalaz (Apr 22)