Imperva researchers are warning of a problem with the way double quotes are encoded by Internet Explorer that can allow hackers to conduct cross-site scripting (XSS) attacks.
"Imperva claims to have notified Microsoft about the issue, but was told by the software company that this behavior is not considered a vulnerability and will not be fixed in a security update," Constantin writes. "The behavior might, however, get changed in a future IE version, Microsoft allegedly said."
Go to "IE URI encoding behavior facilitates XSS attacks, researchers say" to read the details.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.