[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Severity Rating of Cross Site Scripting

From: Achim Hoffmann <kirke11@xxxxxxxxxxxx>
Subject: Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
Date: Tue, 26 Sep 2006 23:33:09 +0200 (MEST)

!! What I'm interested to know how others in the industry view XSS in
!! terms of severity rating. Are there plans to increased reported
!! severity?

here're our ratings:
  - website spoofing, frame spoofing high
  - link spoofing low ('caus the change can simply be identified by any user)
     but I guess this needs to be changed to high too 'cause of web worms
  - XSS i.g. high
  - XSS if just HTML injection low

sounds pretty much as Jeremiah's new rating ..

{-; Achim



----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

References:
- [WEB SECURITY] Severity Rating of Cross Site Scripting
  - From: Jeremiah Grossman

Prev by Date: Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
Next by Date: Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
Previous by thread: Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
Next by thread: Re: [WEB SECURITY] Severity Rating of Cross Site Scripting
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org