Submit cross-site scripting vulnerabilities using the form below (HTTP response splitting, frame redirect and other vulnerabilities that can be exploited against users are also allowed).
Note: Script insertion vulnerabilities, which can lead to cross-site scripting, can also be used to damage the site by blocking its visual access. This could represent a crime in many countries, and we do not support this action.
Once the mirror has been validated and published, you should contact the webmasters of the affected web site and help them to fix the flaw.

Before submitting, use the search at the top of the left menu to verify that the XSS has not been submitted before.
Author: (e.g.: your full name) 
URL: 
POST data (optional): 
Do NOT fill in the field if no POST data is required for the XSS, or it will be deleted.
Code: 
You can submit XSS vulnerabilities in web-based e-mail providers (Yahoo, Gmail, Hotmail) or other websites which need user authentication as well as in software applications, by mailing submissions/\xssed.com (replace "/\" with "@") with your name and an explanation in order to be able to reproduce the vulnerability.
XSS cheat sheet: ha.ckers.org/xss.html - Different cross-site scripting attack vectors for filter evasion.

Updates:
06/03/2007: ONLY XSS affecting a different PAGE will be published as REXSSED. Do not try to send XSS that have already been published, as they will be deleted. Please do not make us lose time.
09/03/2007: Feel free to send us your XSS (non-malicious) scripts as .js if you want us to host them. The repository of scripts and images is available here.
12/03/2007: If you find any (very) famous web site vulnerable to CSRF/XSRF (cross-site request forgery), we may post a news item about it. As it cannot be mirrored, just mail us an explanation.
26/03/2007: POST data can now be sent with the form. Do NOT fill in the field if no POST data is required for the XSS, or it will be deleted.
29/04/2007: We now allow submissions of "redirect" vulnerabilities, but only direct redirects will be accepted.