A fresh batch of critical cross-site scripting and open redirect vulnerabilities was added today to the archive.

*UPDATED 03/06/2009* - A fresh batch of critical cross-site scripting and open redirect vulnerabilities was added today to the archive.

Hundreds of thousand websites host vulnerable Flash files which can be used by malicious people to conduct convincing phishing and XSS attacks. In most cases cookie hijacking is possible. Unsuspecting users can be redirected to malware content sites from trustworthy sites using SSL.

Hexspirit has reported another critical XSS vulnerability on easypay.gr, owned by Pireaus Bank / Winbank.

Security researcher "Hexspirit" has discovered multiple XSS and open redirect vulnerabilities affecting all major Greek bank websites.

A security researcher who goes by the nickname "Black-Hacker", has submitted to the archive a critical XSS vulnerability affecting a Google SSL page.

Roi Saltzman, a Security Researcher at IBM Rational Application Security Research Group, has been credited with the discovery  of this vulnerability - now fixed on Version 1.0.154.59 - which allows universal cross-site scripting (UXSS) without user interaction under certain conditions.  

Security researcher Pierre Gardenat has recently discovered two critical cross-site scripting bugs on Barclays.com.

Methodman from Team-Elite has discovered a few vulnerabilities on several McAfee websites. Malicious users can exploit these bugs to infect customers and site visitors with malware, adware and spyware. They can also conduct phishing attacks by redirecting McAfee customers to fake McAfee sites.

Xylitol reported five critical cross-site scripting vulnerabilities affecting Sun Microsystems website.

Security researcher Pierre Gardenat reported a new interesting vulnerability in Google's service Orkut. Malicious users can spread XSS worms on Orkut or steal authentication credentials from Google users who also use Orkut. *FIXED*

According to methodman, the search feature for Symantec Connect page was vulnerable to XSS. Malicious people could exploit these XSS vulnerabilities to infect millions of Symantec users and site visitors with malware, adware and spyware.