Category Archives: cross-site scripting

Mitigations against critical universal cross-site scripting vulnerability in fully patched Internet Explorer 10 and 11

This week David Leo disclosed a critical universal cross-site scripting vulnerability in fully patched Microsoft Internet Explorer 10 and 11 (from now on called the UXSS leak). He notified Microsoft on October 13 last year, but Microsoft didn’t publish a … Continue reading

Posted in browser security, cross-site scripting, security vulnerability, website security | 1 Comment

Cross-site scripting in millions of web sites

In August 2014 I found a severe cross-site scripting security vulnerability in the latest version (1.13.0) of the ‘jQuery Validation Plugin‘ during a security penetration test for a customer. This jQuery plugin which adds easy form validation functionality to a web site, is … Continue reading

Posted in cross-site scripting, Google, php, responsible disclosure | 62 Comments

Web Programmer’s Hacking Guide

Ongeveer 80% van de websites op het internet hebben beveiligingslekken. Men denkt over het algemeen dat de software die men schrijft, veilig is. Ik durf het tegengestelde te beweren. Waarom? Omdat programmeurs niet geleerd wordt om veilig te programmeren. Een opmerkelijke … Continue reading

Posted in article, cross-site scripting, php security, security audit, website | Comments Off on Web Programmer’s Hacking Guide