This week saw the launch of XSSposed, an open, non-profit Cross-Site Scripting (XSS) vulnerability archive that aims to replace the defunct xssed.org resource.
XSSposed gives any security researcher the opportunity to responsibly disclose XSS flaws on any website and receive recognition for their efforts. Meanwhile website administrators can check whether their site is secure.
Since Tuesday, XSSposed has collected active vulnerabilities for 72 websites including those that belong to Kaspersky, Gizmodo and IBM.
XSS is the most common type of security vulnerability, often found in web-based applications, their servers, or plug-in systems on which they rely. It enables the attacker to inject client-side script into Web pages viewed by other users. When abused, some of these vulnerabilities can do little more than annoy the visitors, while others can seriously compromise the security of data.
The archive accepts any XSS vulnerabilities that can enable the attacker to display a JavaScript pop-up with ‘XSSPOSED’ written in it, including iFrame injections and open redirects.
Researchers can submit their findings anonymously, under a nickname, or even a real name. All members are rated, and the Top 50 most active contributors are marked with a golden medal.
In order to limit the extent to which the archive can be abused by actual hackers, XSSposed limits the number of requests for whether a certain vulnerability has been fixed to one a day.
How well do you know network security? Try our quiz and find out!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…