Vulnerabilities to XSS are not uncommon and may be present at times even on major websites. Since XSS attacks those viewing the site, not the site per se, and the problems do not affect normal usage of the site, the staff at the site generally will not be aware of the vulnerability. The fact that a link provided in an email or on a web site is to a reputable website does not mean that the major website could not have a scripting error that will be manipulated by a malicious link provided in the email or web site.
The best defense against XSS is to access web sites directly whenever possible. e.g. Go to Google or eBay or whatever directly, not through a link on a website or in an eMail.
Return To Index Copyright 1994-2002 by Donald Kenney.