Posted by Takeshi Terada on Apr 14

Hello list members,

We released a new technical whitepaper titled:
“Identifier based XSSI attacks”

CVE numbers:
CVE-2014-6345, CVE-2014-7939

URL:
http://www.mbsd.jp/Whitepaper/xssi.pdf

Introduction:
——————————-
Cross Site Script Inclusion (XSSI) is an attack technique (or a
vulnerability) that enables attackers to steal data of certain types
across origin boundaries, by including target data using SCRIPT tag in…