- The Cross Site Scripting FAQ
- Answers questions on identification, threats, and prevention. Provides examples and links. - Apache: Cross Site Scripting Info - How the attack affects websites hosted on the Apache webserver and Apache specific issues.
- Bypassing Javascript Filters - The Flash Attack - Paper by EyeonSecurity explaining how to inject CSS attacks into Web applications which allow Flash content.
- Cross Site Scripting Vulnerabilities - Security consultant David deVitry offers background information, a free CSS vulnerability detector, and a list of vulnerable sites.
Media publications
- 'Cross-site scripting' tears holes in Net security - USA Today article by Byron Acohido that details WhiteHat Security's assessment of Hotmail, Yahoo, Amazon, and America Online. (Published 2001-08-30 00:00:00)
- CERT Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests - Advisory published jointly by the CERT Coordination Center, DoD-CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capability (FedCIRC), and the National Infrastructure Protection Center (NIPC). (Published 2000-02-02 00:00:00)
- CNN.com: Schwab's Site Could be Vulnerable - Charles Schwab's online customers are at risk of having their account information accessed and their accounts manipulated due to the same software vulnerability that affected E-Trade's Web site in September. (Published 2000-12-08 00:00:00)
- InfoWorld Opinions: Cross-site Scripting - Article on this often overlooked threat with links. (Published 2002-05-06 00:00:00)
- perl.com: Preventing Cross-site Scripting Attacks - Paul Lindner, author of the mod_perl cookbook, explains how to secure our sites against Cross-Site Scripting attacks using mod_perl and Apache::TaintRequest. (Published 2002-02-20 00:00:00)
