Imperva Warns of XSS Vulnerability in IE

Imperva researchers are warning of a problem with the way double quotes are encoded by Internet Explorer that can allow hackers to conduct cross-site scripting (XSS) attacks.

"Imperva argues that because most browsers automatically encode special characters in URLs, some Web developers might be inclined to process request URLs in the source code of their websites without making sure that they are properly sanitized," writes ITworld's Lucian Constantin. "A hacker who identifies such a website can craft a link to it that contains a double quote followed by malicious JavaScript code."

"Imperva claims to have notified Microsoft about the issue, but was told by the software company that this behavior is not considered a vulnerability and will not be fixed in a security update," Constantin writes. "The behavior might, however, get changed in a future IE version, Microsoft allegedly said."
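
The server-side pattern described in the quotes above, next to a corrected form, is shown below as an added example (not code from Imperva, ITworld, or Microsoft). The function names and the request target are constructed for illustration, and the sketch assumes the page reflects the request URL into an HTML attribute.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed request target, as a server would see it when the client does
# not percent-encode the double quote in the query string.
RAW_TARGET = '/search?q=shoes" data-injected="1'

def render_unsafe(request_target: str) -> str:
    """'Before': assumes the browser already encoded special characters."""
    return '<form method="post" action="' + request_target + '">'

def render_safe(request_target: str) -> str:
    """'After': encode for the URL context, then escape for the attribute."""
    # Keep URL delimiters and existing %XX escapes; everything else,
    # including '"', '<', '>' and space, is percent-encoded.
    url = quote(request_target, safe="/?&=:;,+%#~@!$()*-._")
    # Escape again for the HTML attribute context ('&' becomes '&amp;').
    return '<form method="post" action="' + html.escape(url, quote=True) + '">'

class _StartTagAttrs(HTMLParser):
    """Records the attributes of the last start tag the parser sees."""
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        self.attrs = dict(attrs)

def form_attributes(markup: str) -> dict:
    """Parse markup the way an HTML parser would and return the tag's attributes."""
    parser = _StartTagAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs

if __name__ == "__main__":
    # Unsafe output gains an attribute the developer never wrote.
    print(form_attributes(render_unsafe(RAW_TARGET)))
    # Safe output keeps the whole request target inside the action value.
    print(form_attributes(render_safe(RAW_TARGET)))
```

Parsing the rendered tag and comparing its attribute set against the expected one works as a regression test for any template that echoes the request URL.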

Go to "IE URI encoding behavior facilitates XSS attacks, researchers say" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.