There have been quite a few alerts on cross scripting and I'm somewhat confused on the issue. Assuming the offending script is coming from an offending site (not an e-mail with script code appended to victim url or offending script picked via bulletin board shared page) and victim site is a site where sensitive transactions can only be initiated after a valid login, what's going on.
Is it a situation where victim is logged into legit site and while session is open opens another session (through another browser window) with bad guy site and bad guys site has link to legit site appended with offending script ? If there are two separate windows, how does the offending code get passed to victim site ? Mike __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/
