Dark Reading

Researcher Details New Class Of Cross-Site Scripting Attack

A new type of cross-site scripting (XSS) attack that exploits commonly used network administration tools could be putting users' data at risk, a researcher says. Tyler Reguly, lead security research ...
Network World

The what, who, when, where, why and how of XSS

DOM-based XSS attacks exploit the trust relationships in the DOM model. Once elements are parsed by DOM, they can be trusted by other domains, and this is especially true with newer, more ...