Web sites operated by several leading Internet security organizations are vulnerable to an old but serious security flaw known as the cross-site scripting (CSS) attack. A cursory survey today revealed that the corporate home pages of security software vendors including Network . . .
Web sites operated by several leading Internet security organizations are vulnerable to an old but serious security flaw known as the cross-site scripting (CSS) attack. A cursory survey today revealed that the corporate home pages of security software vendors including Network Associates, Kaspersky Lab, Trend Micro, SonicWall, and Command Software, were all susceptible to CSS attacks.

Nearly two years ago, the Computer Emergency Response Team (CERT) warned Web developers to prevent their sites from being abused through CSS attacks. According to CERT, the presence of CSS vulnerabilities can be exploited by malicious third parties to perform an array of attacks on site users, including theft of passwords, credit card numbers, browser cookies, and other private data.

The link for this article located at Newsbytes is no longer available.