Linux Today: Linux News On Internet Time.





More on LinuxToday


Microsoft TechNet: Information on Cross-Site Scripting Security Vulnerability

Feb 04, 2000, 19:27 (3 Talkback[s])

WEBINAR: On-demand Event

Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >

"Microsoft has identified a serious security vulnerability that could potentially affect many web sites and web site users. The vulnerability, known as 'Cross-Site Scripting', is equally possible on all vendors' products, and does not result from a defect in any of them. Instead, it results from certain common web coding practices."

"Cross-Site Scripting would potentially enable a malicious user to introduce executable code of his choice into another user's web session. Once the code was running, it could take a wide range of actions..."

"The long-term solution to the problem requires web sites and web site developers to review their code and verify that it adheres to secure coding practices. However, in the short term, there are some steps that customers can take to minimize the likelihood of being affected by this issue. The FAQ discusses these in detail."

Complete story.

Related Stories: