The worm could scan IP addresses for vulnerable pages and then spread quickly across the internet.
These flaws are have been gathered in an online archive, XSSED.com, that could be used by malware writers to identify vulnerable sites.
A permanent malware spamming program could spread viruses across the internet by setting up a continuous link to the vulnerable site.
"XSSED.com has the largest archive of real, fully working, XSS vulnerabilities available today," said a site poster known as 'pdp'.
"They even have a list of XSS vulnerabilities found in websites ranked 500 and below. We are talking about high profile websites here."
The only limiting factor would be the ability of the online database to handle the traffic.
"A super worm of this kind could have potentially devastating consequences in the very near future," said Pete Simpson, Threatlab Active manager at Clearswift.
"The technology exists and the key question is one of motivation. A multitude of easy targets within web 2.0 social networks must certainly be attractive to organised crime."
_(33).jpg&h=140&w=231&c=1&s=0)
_(36).jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
Melbourne Cloud & Datacenter Convention 2026
.jpg&h=271&w=480&c=1&s=1)
_(1).jpg&h=140&w=231&c=1&s=0)
