Posts

MSN.com Vulnerable to XSS - Cross Site Scripting

Image
Title: MSN.com Vulnerable to XSS - Cross Site Scripting Script Link: http://investing.money.msn.com/investments/equity-historical-price/?PT=7&D4=1&DD=1&D5=0&DCS=2&MA0=0&MA1=0&CF=0 &>">/* Script Here */=1 &SZ=0&symbol=Asp& Author: Yogesh Jaygadkar  Reported: Tuesday, May 01, 2012  Vulnerability Fix date : 22 May 2012  Public Release: 22 May 2012  Browser : FireFox , IE OS : Win7 , Ubuntu Description:  XSS - Cross Site Scripting Vulnerability found in MSN.com .Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere. An attacker can use XSS to send a malicious script to an u