In association with heise online

16 June 2008, 10:03

No end to cross-site scripting holes


The XSSed Project, which detects and discloses cross-site scripting holes, recently reported numerous XSS holes in the web sites of Verisign, McAfee and Symantec.

A new edition of the German-based Phishmarkt collection of XSS holes has now appeared, this time focusing on US government and government agency pages. Phishmarkt found a total of 47 vulnerabilities on .gov pages. Although the holes were mostly found on minor town and county pages, affected agencies included the CIA and the states of Hawaii and California.

The Phishmarkt specialists even found eight holes on .mil pages. Whether XSS holes in pages such as that of the US Army "Training and Doctrine Command" can successfully be exploited for phishing attacks remains open to question, but they demonstrate that the problem isn't confined to the web pages of third-class providers.
