Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw

Posted: Mon Jul 29, 2024 9:37 pm
by rbc
Salt Labs, the research arm of API security firm Salt Security, has discovered and published details of a cross-site scripting (XSS) attack that could potentially impact millions of websites around the world.

This is not a product vulnerability that can be patched centrally. It is more an implementation issue between web code and a massively popular app: OAuth used for social logins. Most website developers believe the XSS scourge is a thing of the past, solved by a series of mitigations introduced over the years. Salt shows that this is not necessarily so.
[...]