Cross site scripting @verisign.com and @cybercash.com

From: KF (dotslash@snosoft.com)
Date: 04/19/02


Date: Fri, 19 Apr 2002 12:38:16 -0400
From: KF <dotslash@snosoft.com>
To: websitesupport@verisign.com, support@verisign.com, recon@snosoft.com, vuln-dev@security-focus.com, bugtraq@security-focus.com

http://www.cybercash.com/>alert('hi')</script>

or

http://www.verisign.com/ <http://www.cybercash.com/><script>alert('hi')</script>

Not sure how big a deal this is... but seeing as how the name verisign
is associated with "Security" I think it should be looked at. This
didn't work from my Mozilla browser on linux but it did from IE on
win2k... could be a browser detection method causing the varied results.
-KF



Relevant Pages

  • Re: Cross site scripting @verisign.com and @cybercash.com
    ... but seeing as how the name verisign ... > is associated with "Security" I think it should be looked at. ... could be a browser detection method causing the varied results. ... Because of the popularity of XSS/CSS holes I have written a FAQ on the subject. ...
    (Vuln-Dev)
  • Re: Cross site scripting @verisign.com and @cybercash.com
    ... but seeing as how the name verisign ... > is associated with "Security" I think it should be looked at. ... could be a browser detection method causing the varied results. ... Because of the popularity of XSS/CSS holes I have written a FAQ on the subject. ...
    (Bugtraq)
  • Cross site scripting @verisign.com and @cybercash.com
    ... but seeing as how the name verisign ... is associated with "Security" I think it should be looked at. ... could be a browser detection method causing the varied results. ...
    (Bugtraq)
  • Re: Cross site scripting @verisign.com and @cybercash.com
    ... > is associated with "Security" I think it should be looked at. ... could be a browser detection method causing the varied results. ... I noticed this on CyberCash a few weeks ago, but didn't think much of it ... Hadn't checked VeriSign yet ...
    (Vuln-Dev)
  • [NEWS] VeriSign "PayFlow Link" Payment Service Security Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The final checkout page of various online shopping cart applications ... vendor's PayFlow Link account at VeriSign for validation. ... Sign up for a free demo PayFlow Link account at VeriSign. ...
    (Securiteam)