We’re about to launch a public-facing site, and the security review team has come back with an XSS vulnerability. It’s essentially a brochure site – there are no logins, and no user-submitted information is publicly displayed.
Is XSS still something we should be concerned about?
Yes, XSS allows hackers to control the content on your site and normally takes a single function call to fix. It takes less effort to fix this issue than for you to post this question to SO about it.
Let's say you are Fox News, someone could use XSS to fabricate the news. Furthermore, it could be used to deliver a drive-by download attack to your users. In your case someone could create a fake brochure with outrageous claims.
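
An added illustration, not part of the original answer: the "single function call" is output encoding, shown here as a before/after pair plus a structural check that request data never changes the page's markup. The question does not say where the flaw is, so this assumes a hypothetical search page reflecting a `q` parameter; `PAGE`, `render_unsafe`, `render_safe`, `shape` and the sample inputs are all constructed for the example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed template: the same value lands in element text,
# a quoted attribute, and a URL query component.
PAGE = ('<h1>Results for {term}</h1>'
        '<input name="q" value="{term}">'
        '<a href="/brochures?q={link}">Permalink</a>')

def render_unsafe(q):
    """'Before': request data is pasted into the markup verbatim."""
    return PAGE.format(term=q, link=q)

def render_safe(q):
    """'After': encode for the context the value is written into."""
    term = html.escape(q, quote=True)                   # text + quoted attribute
    link = html.escape(quote(q, safe=""), quote=True)   # URL component in an attribute
    return PAGE.format(term=term, link=link)

class _Shape(HTMLParser):
    """Records each start tag with its attribute names."""
    def __init__(self):
        super().__init__()
        self.shape = []
    def handle_starttag(self, tag, attrs):
        self.shape.append((tag, tuple(name for name, _ in attrs)))

def shape(markup):
    parser = _Shape()
    parser.feed(markup)
    parser.close()
    return parser.shape

# The only structure the template author wrote.
EXPECTED = [("h1", ()), ("input", ("name", "value")), ("a", ("href",))]

# Constructed inputs: plain text, markup, a stray quote, URL metacharacters.
SAMPLES = ["spring catalogue", "<b>bold</b>", '" data-x="1', "a&b=c"]

def check(render):
    """Return the inputs that altered the page structure."""
    return [q for q in SAMPLES if shape(render(q)) != EXPECTED]

if __name__ == "__main__":
    print("unsafe renderer altered by:", check(render_unsafe))
    print("safe renderer altered by:  ", check(render_safe))
```

A check like `check()` fits in a regression test so the encoding call cannot be removed unnoticed.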