[Full-disclosure] excessive xss vulnerabilities



there is a high volume of xss vulnerabilities on this list. take the next
step to disclose why xss important for the affected program. for instance,
creating a test case that does something privileged or malicious towards a
visitor. in attempting to create a keystroke logger in javascript i've found
it drops random keystrokes (i think its a speed problem). and i would be
interested in seeing more malicious javascript.

again please justify why xss is valuable in disclosures of these
vulnerabilties
even if its just a cookie stealer, please show why an attacker would want
those cookies or how he/she could use them to create a security issue.

thanks
feofil
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages

  • XSS vulnerabilities in Google.com
    ... XSS vulnerabilities in Google.com ... Two XSS vulnerabilities were identified in the Google.com website, ... Although Google uses common XSS countermeasures, a successful attack ... The server response lacks charset encoding enforcement, ...
    (Pen-Test)
  • [Full-disclosure] XSS Vulnerabilities in TaskFreak
    ... Name: XSS Vulnerabilities in TaskFreak ... TaskFreak 0.6.4 and possibly below. ... Vulnerability Type: Cross-Site Scripting ...
    (Full-Disclosure)
  • XSS Vulnerabilities in TaskFreak
    ... Name: XSS Vulnerabilities in TaskFreak ... TaskFreak 0.6.4 and possibly below. ... Vulnerability Type: Cross-Site Scripting ...
    (Bugtraq)
  • Re: [Full-disclosure] excessive xss vulnerabilities
    ... there is a high volume of xss vulnerabilities on this list. ... next step to disclose why xss important for the affected program. ... even if its just a cookie stealer, please show why an attacker would ... in attempting to create a keystroke logger in javascript i've = ...
    (Full-Disclosure)