Microsoft TechNet: Information on Cross-Site Scripting Security Vulnerability

"Microsoft has identified a serious security vulnerability that could potentially affect many web sites and web site users. The vulnerability, known as 'Cross-Site Scripting', is equally possible on all vendors' products, and does not result from a defect in any of them. Instead, it results from certain common web coding practices."

"Cross-Site Scripting would potentially enable a malicious user to introduce executable code of his choice into another user's web session. Once the code was running, it could take a wide range of actions..."

"The long-term solution to the problem requires web sites and web site developers to review their code and verify that it adheres to secure coding practices. However, in the short term, there are some steps that customers can take to minimize the likelihood of being affected by this issue. The FAQ discusses these in detail."

Complete story.

Related Stories:

• Sun.com: Re: CERT Advisory CA-2000-02(Feb 04, 2000)
• CERT.org: CERT Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests(Feb 03, 2000)
• MSNBC/AP: Experts warn of new Net surfing risk(Feb 03, 2000)