All posts about specific Vulnerabilities and security holes that are valid in 2014 will be published and listed here.
Cross-site Scripting (XSS) flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites. Continue Reading →