Cross Site scripting holes are gaining popularity among hackers as straightforward holes to find in giant websites. Websites from fbi.gov, CNN.com, Time.com, Ebay, Yahoo, Apple pc, Microsoft, Zdnet, Wired, and Newsbytes have all had one type or another of XSS bugs.
XSS holes can allow Javascript insertion, which can give restricted execution. If associate attacker were to take advantage of a browser flaw (browser hole) it might then be doable to execute commands on the client's facet. If command execution were possible it would solely be possible on the client side. In easy terms XSS holes can be used to facilitate exploit other holes that may exist in your browser.
So, today i found Non-Persistent XSS Vulnerability on braintreepayments.com ,
XSS holes can allow Javascript insertion, which can give restricted execution. If associate attacker were to take advantage of a browser flaw (browser hole) it might then be doable to execute commands on the client's facet. If command execution were possible it would solely be possible on the client side. In easy terms XSS holes can be used to facilitate exploit other holes that may exist in your browser.
So, today i found Non-Persistent XSS Vulnerability on braintreepayments.com ,
It was fixed on Jan/05/2013