USA Today article by Byron Acohido that details WhiteHat Security's assesment of Hotmail, Yahoo, Amazon, and America Online.

How the attack affects websites hosted on the Apache webserver and Apache specific issues.

Paper by EyeonSecurity explaining how to inject CSS attacks into Web applications which allow Flash content.

Advisory published jointly by the CERT Coordination Center, DoD-CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capability (FedCIRC), and the National Infrastructure Protection Center (NIPC).

Examples in C and Perl.

Charles Schwab's online customers are at risk of having their account information accessed and their accounts manipulated due to the same software vulnerability that affected E-Trade's Web site in September.

Security consultant David deVitry offers background information, a free CSS vulnerability detector, and a list of vulnerable sites.

Predicts semi-automated techniques will aggressively begin to emerge for targeting and hijacking web applications.

Microsoft Technet provides a FAQ, overview of the threats posed by XSS, and suggestions for how their customers can protect themselves.

Article on this often overlooked threat with links.

Patch available for 'IIS Cross-Site Scripting' vulnerabilities.

Paul Lindner, author of the mod_perl cookbook, explains how to secure our sites against Cross-Site Scripting attacks using mod_perl and Apache::TaintRequest.

Answers questions on identification, threats, and prevention. Provides examples and links.