« CGISecurity Interview: Interviewing Ivan Ristic the Author of ModSecurity | Main | Application Security: Countering The Professionals »

XSS Gone Wild!

For various reasons I'm going to report this as neutral as possible.

Apparently F5 and Acunetix both web security vendors were found to have XSS holes in their website according to RSnake's forum. To be honest with you yeah it is embarrassing but s!@# happens however that isn't why I'm posting this news story. I'm posting it because of the backlash denying these vulnerabilities has caused. If any issue is found in your site and publicly disclosed, admit it/fix it and move on.

Darkreading Link: http://www.darkreading.com/document.asp?doc_id=104815
RSnake Forum: http://sla.ckers.org/forum/read.php?3,44,632
Lord XSS Blog: http://jeremiahgrossman.blogspot.com/
POC Screenshots at n074h4x0r: http://n074h4x0r.blogspot.com/
SecureiTeam Blog: http://blogs.securiteam.com/index.php/archives/649


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!