Three of the large players are guilty of cross site scripting vulnerabilities. This simply illustrates that the age of server-side vulnerabilities is coming to an end. I'm not saying that servers no longer have flaws, but that browser security is so lax that there's no reason to attack the much better understood and secured servers.
It's obviously out of control when vendors of this magnitude have problems with it. It's time to radically rethink browser design and security.
Verisign, McAfee and Symantec sites can be used for phishing due to XSS | News | XSSed.com
It's obviously out of control when vendors of this magnitude have problems with it. It's time to radically rethink browser design and security.
Verisign, McAfee and Symantec sites can be used for phishing due to XSS | News | XSSed.com
wonder how easy it would be for the bad guys to phish your clients, or their customer base - I don't think that they are all aware of the risks imposed by XSS vulnerabilities.Technorati Tags: xss, symantec, vulnerability, mcafee
Realize now the risk impact and not until you are forced to do so...
McAfee.com XSS vulnerabilities:
mastdb3.mcafee.com XSS submitted by Zeitjak
knowledge.mcafee.com XSS submitted by C1c4Tr1Z
knowledge.mcafee.com XSS submitted by holisticinfosec
us.mcafee.com XSS submitted by TreX
mcafee.com XSS submitted by kusomiso.com
mcafee.com XSS submitted by www.r3t.n3t.nl
www.mcafee.com XSS submitted by kusomiso.com
knowledge.mcafee.com XSS submitted by i-landet
7 out of 8 XSS vulns are fixed.
Leave a comment