Don’t take my word for it: Networkworld.com has just published a paper describing XSS as the top security risk of all vulnerabilities. According to MITRE it’s true! Go figure! Well, I can’t say it surprised me too much to hear it, but it was surprising to hear it happen so quickly. Yeah, it may not be as obviously dangerous as other attacks, because in and of itself it is not an attack; it is a vector by which to enable other attacks.
However, it’s great to see “the little vulnerability that could” finally grow into the largest single threat that faces the internet today. As Jeremiah Grossman and I laughed about, we should make a tee-shirt that says “Veni Vidi XSSdi”, that is, “I came, I saw, I XSSd”.