About Cross Site Scripting is currently often read about. It’s no wonder as each day new Webservices appear to catch some fame and traffic of web 2.0. Often they push the product out of the pipe as soon as possible, the security is in this moment just secondary( if they care even about it). After the release of the product, the motivation to hunt XSS flaws is minimal( I know this for myself on bug hunting). And when you send them an Email about it, it seems from time to time that they don’t even care about them when they get notified about some XSS flaw(see http://milw0rm.com for what I mean).
What are XSS flaws
Persistent and Non-Persisten XSS
Tags: Cross Site Scripting, Vulnerable code, XSS