Cross-Site Scripting Hits Major Sites

An anonymous reader writes "Dark Reading and SC Magazine covered a story about hackers posting cross-site scripting (XSS) vulnerabilies en mass on dozens of high profile websites including Dell, MSN, HP, Apple, Myspace, YouTube, MSN, Cingular, etc. The media coverage drew the hacker's attention to the publication's websites where they got a taste first-hand. On message board wall-of-shame is PC World, MacWorld, Fox News, the Independent, and ZDNet UK. "...not only did we get the "scoop" on the XSS site problems, but we also got the message loud and clear: Don't assume you're immune to XSS vulnerabilities. They're everywhere." The news comes shortly after Mitre (CVE) released statistics showing XSS has become the most popular exploit. Unfortunately new XSS attacks are growing increasingly severe and scanners are unable to find many of the issues on modern websites."

FUD

[radu.stanca]

Don't assume you're immune to XSS vulnerabilities. They're everywhere

OMG!!! Won't somebody please think of the children?
Now guys, who cares `bout XSS when we have IE 0dayz around...

Re:The Cross Site Scripting FAQ

[Heembo]

Dearest Idiot, You only posted one link in this thread, and it was malicious. http://slashdot.org/comments.pl?sid=197523&thresho ld=-1&commentsort=0&mode=thread&cid=16185807 Heembo