A while back I wrote about VDBs and site specific vulnerabilities. The general concensus is that VDBs should not track site specific vulnerabilities, even though some do for bigger sites that provide services (i.e. Google, Gmail, Yahoo). While OSVDB does not, we recently ran across a site that is now tracking Cross-Site Scripting (XSS) vulnerabilities in web sites. Interesting watching various high profile sites that don’t appear to properly test their applications before deployment.
XSS Virus Whitepaper
The following paper explores the new threat of cross-site ing (XSS) viruses. To date, cross site ing has never been utilised to generate viruses. These viruses are a new species which are platform independent and not affected by common firewall configurations. XSS viruses could have a significant impact for Internet continuity, including distributed denial of service (DDOS) attacks, SPAM and dissemination of browser exploits. This is particularly relevant with the increasing sophistication of web browsers and the growing popularity of web based applications such as Wikis and Blogs.