What other software/CMS are at risk of XSS vulnerabilities?
JC: I don’t want to sound negative, but any software could possibly allow execution of third-party code, whether it’s XSS through JavaScript, injecting server-side code (PHP, ASP, etc.), or even buffer overflows in compiled apps. As I write this, there’s a vulnerability in the wild for Firefox 3.5 that allows arbitrary code execution due to a bug in the new JavaScript engine’s document.write method. The code used to cause the buffer overflow is written in JavaScript, but the payload is not.

JV: How to best evaluate one’s own sites for XSS vulnerability issues?

JC: The best way to do this is to test everything that accepts user-supplied input with test code. Try submitting your forms using <hr> tags, and if you get a horizontal line, it stands to reason a malicious hacker could replace that with a