Acunetix released a free version of its more powerful Web site security scanner. The free scanner checks for cross-site scripting vulnerabilities.
A spokesperson for Acunetix said that "Out of the 100,000 websites scanned by Acunetix WVS, 42% were found to be vulnerable to cross-site scripting attacks (XSS)." The spokesperson went on to say that "Many large-scale corporations have fallen prey to [XSS attacks] as it is one of the most common yet underestimated of Web attacks. In August 2006, hackers stole the personal data of nearly 19,000 DSL equipment customers through a vulnerability in AT&T's online store. [...] In June 2006, PayPal users were tricked into giving away social security numbers, credit card details and other highly sensitive personal information through a cross site scripting vulnerability in the PayPal website. A report from Mitre Corp., a US government funded research organization, issued in September 2006 indicated that [XSS attacks] first in a list of top security risks."
Anyone can download a copy of the free scanner after providing a valid email address. The scanner checks and reports on XSS problems, and also lets users probe Acunetix demo sites to locate other types of Web-based vulnerabilities. The demo sites serve to demonstrate the power of the paid version of the scanner.
For more information about XSS attacks and the dangers they pose to both Web site operators and Web site users, read Acunetix's detailed explanation of the problem.