Select Page

Hackers at a website have posted a number of cross-site scripting (XSS) vulnerabilities in a number of sites, including security vendors Eeye, F-secure and Cisco.

As you probably know, cross-site scripting is a method to where something from one source can be inserted into another.  A common use is in phishing, such as making a phishing site magically appear to be the real financial site.

For example, clicking here will take you to the Sun site, with a wonderfully self-serving message.  (And if you want to get really irritated, click here to go to the Cisco site, but don’t tell me I didn’t warn you). 

Brian Krebs has more details, here.

Alex Eckelberry 

UPDATE:  The XSS links above have been fixed by at least Cisco.  I think the Sun one should still work.