cross-site scripting

A security firm reports that hackers have intercepted email messages from Hotmail user accounts after manipulating a bug found deeply rooted within Microsoft's website. While security officials admitted that victims needed to be logged into Hotmail ... for the attack to work, the virus was also found to affect those that had previewed the message for a short period of time before logging out. Attack Source: Cross-Site Scripting Flaw (XSS) The source of the attack was revealed to be a common web programming error called a cross-site scripting flaw . As security firm Trend Micro explained in a ... (view more)

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. XSS: Background The expression "cross-site ... scripting" originated from the fact that a malicious web site could load another web site into another frame or window then use Javascript to read or write data on the other web site. The definition gradually changed to mean the injection of HTML and Javascript into a web page. Example of a Cross-site Scripting Attack Examples of an XSS code include ... (view more)