• Posted by Tim Jarrett
  • On April 15, 2008

  • Filed under Security

Cross-site scripting, illustrated

Wired ThreatLevel Blog: Look Ma, I’m on CIA.gov. Wired’s security blog reports a cross-site scripting vulnerability in the CIA’s web site and gives a convenient demo exploit. The exploit is benign enough, illustrating how JavaScript can be used to load an iframe on the CIA’s search results page containing arbitrary content. But the potential for [...]