More American Express sites vulnerable to XSS and open redirects

Written by DP

Tuesday, 5 October 2010

Three more critical vulnerabilities have been reported for AmericanExpress.com... The other XSS is still pending a fix...



Cross-site scripting hole in American Express site using EV SSL

Written by DP

Monday, 4 October 2010

Security researcher "SeeMe", who discovered the persistent Amazon XSS vulnerability, has also reported a cross-site scripting bug on americanexpress.com that would allow fraudsters to carry out phishing attacks targeted at American Express credit/debit card owners...



Amazon hit by persistent XSS vulnerability

Written by DP

Monday, 4 October 2010

A security researcher who goes by the nickname "SeeMe" has reported a critical persistent cross-site scripting vulnerability affecting America's largest online retailer, Amazon.com...



MasterCard and Visa sites bitten by XSS bugs

Written by DP

Friday, 1 October 2010

XSS bugs on the websites of the world's largest payment/credit-card processors are unacceptable. Most of the world's financial institutions issue a Visa or a MasterCard to consumers. Even if their vulnerable sites do not hold real personal or financial information about consumers, malicious people can still leverage the XSS bugs with phishing techniques to trick millions of unwitting people into sharing sensitive information...



Twitter and Orkut XSS worms in the news

Written by DP

Monday, 27 September 2010

I know it is a little late to mention these XSS worms, but they made numerous headlines last week... Twitter "OnMouseOver" XSS worm in the news. Jean-Pierre Vincent aka "braincracking" is a French web security researcher who submitted the "OnMouseOver" Twitter XSS to the archive. His exploit simply redirects to a non-existing URL for demonstration purposes. Twitter has been XSSed many times in the past and most of the XSS attacks occurred during last summer...



PayPal mobile SSL site XSSed

Written by DP

Monday, 27 September 2010

Two days after the report of the PayPal Sandbox XSS, which was finally corrected within a very short time, "d3v1l" from Security-Sh3ll has notified us about a new XSS affecting the PayPal mobile SSL site...


