LocostBuilders - powered by XMB

cross site scripting? Whats that all about

AndyW - 9/1/12 at 09:32 PM

Hi all,
Just recently I have been getting a message come up to the effect of "windows explorer has modified this page to prevent cross site scripting"

Any one shed a light as to what on earth that means and why its happening all the time whilst browsing? Mainly on youtube but just got it whilst on e-bay too?

Hope the flaming computer isnt on the way out.

Im running Norton 360 as apparently all is well?

david_hornet27 - 9/1/12 at 09:38 PM

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80.5% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.

Not really sure what that means in english...

big_wasa - 9/1/12 at 09:39 PM

I am getting it to.

ps where is the start up vid

r1_pete - 9/1/12 at 09:43 PM

Its basically a vulnerability in web apps whereby unsolicited content is loaded into your browser masquerading as the legitimate content you requested.

Hackers look for holes in web apps to enable them to inject such content in order to gain sensitive data about yourself, some apps use it to watch your browsing activity and target advertising at you.

ReMan - 9/1/12 at 10:24 PM

I got it for the first time yesterday and got quite exited at a "New" message.

I don't even think i was on LCB at the time

I expect some update has changed something such that something that has always been happening unnoticed is now reported!

jossey - 10/1/12 at 10:10 AM

try this.

(To turn off the XSS Filter)
a. Follow the menu path: Tools -> Internet Options
b. Select the Security Tab
c. Select Custom level
d. Scroll to the Bottom of the List.
e. Click Disable XSS Filter

Important: Internet Explorer 9 includes a cross-site scripting (XSS) filter that can detect these types of attacks. If vulnerabilities are found, Internet Explorer disables the harmful scripts. The cross-site scripting filter is turned on by default to help protect you.
For more information you may refer the article provided below:
Cross-site scripting filter
http://windows.microsoft.com/en-US/internet-explorer/products/ie-9/features/cross-site-scripting-filter

[Edited on 10/1/12 by jossey]

MattStorey - 12/1/12 at 08:43 AM

Woah! Don't disable this stuff for an average home pc user.

XSS in laymans terms terms can allow viruses and malware to be installed.

Purely and simple if google was vulnerable to XSS it can allow an attacker to execute code from malicioussite.com when you access google.com.

The problem with most home users is that they run with administrative privelages so installing software or malicious code is simple and abused by people.

Thanks, Matt