Cross site scripting @verisign.com and @cybercash.com
From: KF (dotslash@snosoft.com)Date: 04/19/02
- Previous message: Steve Maks: "Where does the hole lie?"
- Next in thread: zeno: "Re: Cross site scripting @verisign.com and @cybercash.com"
- Reply: zeno: "Re: Cross site scripting @verisign.com and @cybercash.com"
- Reply: Tim Morgan: "Re: Cross site scripting @verisign.com and @cybercash.com"
- Reply: KF: "Re: Cross site scripting @verisign.com and @cybercash.com"
- Reply: kristalaz: "Re: Cross site scripting @verisign.com and @cybercash.com"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 19 Apr 2002 12:38:16 -0400 From: KF <dotslash@snosoft.com> To: websitesupport@verisign.com, support@verisign.com, recon@snosoft.com, vuln-dev@security-focus.com, bugtraq@security-focus.com
http://www.cybercash.com/ or
http://www.verisign.com/ <http://www.cybercash.com/><script>alert('hi')</script>
Not sure how big a deal this is... but seeing as how the name verisign
is associated with "Security" I think it should be looked at. This
didn't work from my Mozilla browser on linux but it did from IE on
win2k... could be a browser detection method causing the varied results.
-KF
Relevant Pages
... but seeing as how the name verisign ... > is associated with "Security" I think it should be looked at. ... could be a browser detection method causing the varied results. ... Because of the popularity of XSS/CSS holes I have written a FAQ on the subject. ...
(Vuln-Dev)
... but seeing as how the name verisign ... > is associated with "Security" I think it should be looked at. ... could be a browser detection method causing the varied results. ... Because of the popularity of XSS/CSS holes I have written a FAQ on the subject. ...
(Bugtraq)
... but seeing as how the name verisign ... is associated with "Security" I think it should be looked at. ... could be a browser detection method causing the varied results. ...
(Bugtraq)
... > is associated with "Security" I think it should be looked at. ... could be a browser detection method causing the varied results. ... I noticed this on CyberCash a few weeks ago, but didn't think much of it ... Hadn't checked VeriSign yet ...
(Vuln-Dev)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The final checkout page of various online shopping cart applications ... vendor's PayFlow Link account at VeriSign for validation. ... Sign up for a free demo PayFlow Link account at VeriSign. ...
(Securiteam)
