[WEB SECURITY] XSS caused by Greasemonkey userscript

Martin Johns martin.johns at gmail.com
Fri Dec 29 09:11:50 EST 2006

Hello all,

I think we all agree that browser add-ons may lead to additional
vulnerabilities in web apps that would otherwise be secure. I had some
time at my hands and looked into a couple of Greasemonkey userscripts.
I found an example where a userscript introduces new XSS holes in
various web applications. If you are interested, here is a short
writeup: http://shampoo.antville.org/stories/1537256/


Martin Johns

The Web Security Mailing List: 

The Web Security Mailing List Archives: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

More information about the websecurity mailing list