Re: vulnerability classifications (was: Re: Identity Theft)

To: Nicole <lists-tech-debian-suers@uniporn.org>
Cc: debian-user@lists.debian.org
Subject: Re: vulnerability classifications (was: Re: Identity Theft)
From: Jeremy Ardley <jeremy@ardley.org>
Date: Tue, 21 Dec 2021 10:41:17 +0800
Message-id: <[🔎] 289a7179-45b9-c153-3a23-3386c65dd0a1@ardley.org>
In-reply-to: <20211221021852.udf3eubb5eg465ne@discordia>
References: <[🔎] 202112201032.31524.rhkramer@gmail.com> <[🔎] 20122021192509.6807369e9dc0@desktop.copernicus.org.uk> <[🔎] 202112202059.59274.rhkramer@gmail.com> <[🔎] 8c360b4c-42fb-f7de-96ab-b6958c31e2f9@ardley.org> <20211221021852.udf3eubb5eg465ne@discordia>

On 21/12/21 10:18 am, Nicole wrote:

More at https://owasp.org/www-community/attacks/xss/

just out of curiousity: I understand XSS are like code injections into
the HTML through user controlled input or attacker controlled input, e.g. 
the password field or the message you send someone. what you describe my
amateurish brain however references as XS(-Leak?) vulnerability - is
this a mix-up on your end or a misunderstanding of how words are used on
my end?

The overview in the link above describes it. Basically the script can do many things including altering the content of a page

More at

https://owasp.org/www-community/Types_of_Cross-Site_Scripting

--
Jeremy

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

References:
- Identity Theft
  - From: rhkramer@gmail.com
- Re: Identity Theft
  - From: Brian <ad44@cityscape.co.uk>
- Re: Identity Theft
  - From: rhkramer@gmail.com
- Re: Identity Theft
  - From: Jeremy Ardley <jeremy@ardley.org>

Prev by Date: Re: Identity Theft
Next by Date: Re: Identity Theft
Previous by thread: Re: Identity Theft
Next by thread: Re: Identity Theft
Index(es):
- Date
- Thread