Hacker News
Kiro on May 28, 2013 | on: PayPal denies teenager reward for finding website ...
Off-topic but I thought XSS was about injecting JS which other users can see. Is this really a vulnerability and not just a bug?
1SaltwaterC on May 29, 2013
How many actual users suspect that something is wrong with the input, even without URL obfuscation? OTOH, with a permanent XSS it is pretty much game over, even though I doubt that's the case. XSS can do a lot of damage if used properly.
d3c0d3dab0d3 on May 28, 2013
If you can inject JS then you can steal session cookies. Other stuff too, but XSS is a big deal.