Re: Cross site scripting @verisign.com and @cybercash.com

[zeno <bugtraq () cgisecurity net>]

> http://www.cybercash.com/<script>alert('hi')</script>
>
> or 
>
> http://www.verisign.com/ <http://www.cybercash.com/><script>alert('hi')</script>
>
> Not sure how big a deal this is... but seeing as how the name verisign 
> is associated with "Security" I think it should be looked at. This 
> didn't work from my Mozilla browser on linux but it did from IE on 
> win2k... could be a browser detection method causing the varied results.
> -KF

Because of the popularity of XSS/CSS holes I have written a FAQ on the subject. Should be out in a week
or so. If anyone has questions about cross site scripting throw me an email and I'll maybe add it to
the faq.

- zeno () cgisecurity com


>