AOL Fixes Netscape.com XSS Hack

AOL's newly launched user-driven Netscape.com fell victim to a cross-site scripting (XSS) attack early Wednesday, the result of the site not properly sanitizing submitted news stories. Visitors to Netscape.com encountered crude pop-up messages and redirects to rival site Digg.

The problem stemmed from inadequate filtering of stories, which did not strip out JavaScript code that exploited an XSS issue. "The site was never compromised," an AOL spokesperson told BetaNews. "The issue lasted a couple hours before it was fixed." The company says it does not believe any malicious code was submitted during that timeframe.

3 Responses to AOL Fixes Netscape.com XSS Hack

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.