Non-Profit XSS Vulnerability Archive Launched

This week saw the launch of XSSposed, an open, non-profit Cross-Site Scripting (XSS) vulnerability archive that aims to replace the defunct xssed.org resource.

XSSposed gives any security researcher the opportunity to responsibly disclose XSS flaws on any website and receive recognition for their efforts. Meanwhile website administrators can check whether their site is secure.

Since Tuesday, XSSposed has collected active vulnerabilities for 72 websites including those that belong to Kaspersky, Gizmodo and IBM.

For the greater good

XSS is the most common type of security vulnerability, often found in web-based applications, their servers, or plug-in systems on which they rely. It enables the attacker to inject client-side script into Web pages viewed by other users. When abused, some of these vulnerabilities can do little more than annoy the visitors, while others can seriously compromise the security of data.

The administration of the new XSS archive says that all mirrors of vulnerabilities are independently verified before being published. It has promised to never remove any mirrors for political or business reasons, irrespective of who is the researcher and who is the website owner.

The archive accepts any XSS vulnerabilities that can enable the attacker to display a JavaScript pop-up with ‘XSSPOSED’ written in it, including iFrame injections and open redirects.

Researchers can submit their findings anonymously, under a nickname, or even a real name. All members are rated, and the Top 50 most active contributors are marked with a golden medal.

In order to limit the extent to which the archive can be abused by actual hackers, XSSposed limits the number of requests for whether a certain vulnerability has been fixed to one a day.

How well do you know network security? Try our quiz and find out!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago