cxf-users mailing list archives

From "Rhenius, Karl Stefan" <>
Subject RE: XSS flaw in Available SOAP services page
Date Fri, 25 Feb 2011 08:48:41 GMT
Hi Glenn,

there are persistent and non-persistent XSS attacks. describes an exploit
scenario for non-persisting XSS attacks.


> But giving somebody a fraudulent link is not cross-site scripting, and
> browser certificate checks would catch that anyway.
> Only the service provider has control over the contents of the page, Bad
> Guy has no opportunities to enter in data that could alter that page, so
> I don't see where the XSS concern is.
