cxf-users mailing list archives

From "Rhenius, Karl Stefan" <...@mach.de>
Subject RE: XSS flaw in Available SOAP services page
Date Fri, 25 Feb 2011 08:48:41 GMT
Hi Glenn,

there are persistent and non-persistent XSS attacks.
http://en.wikipedia.org/wiki/Cross-site_scripting describes an exploit
scenario for non-persisting XSS attacks.

Karl

> But giving somebody a fraudulent link is not cross-site scripting, and
> browser certificate checks would catch that anyway.
>
> Only the service provider has control over the contents of the
> https://www.mybank.com/services/BankingService?wsdl page, Bad Guy has no
> opportunities to enter in data that could alter that page, so I don't
> see where the XSS concern is.
