Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Sekurity is hard – technicaleducation.cisco.com vulnerable to XSS

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 22 Aug 2014 12:38:59 +0000 (UTC)
http://www.infosecnews.org/sekurity-is-hard-technicaleducation-cisco-com-vulnerable-to-xss/

By William Knowles @c4i
Senior Editor
InfoSec News
August 22, 2014
On 21 of August 2014 the security researcher E1337 reported to XSSposed (XSS exposed) that technicaleducation.cisco.com has an XSS (Cross-Site Scripting) vulnerability which currently has 2 vulnerabilities in total reported by security researchers).
Cross-Site Scripting (XSS) inserts specially crafted data into existing applications through Web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a modification to a browser script, to a different end user. XSS attacks often lead to bypass of access controls, unauthorized access, and disclosure of privileged or confidential information. Cross-site scripting attacks are listed as the number three vulnerability on the OWASP Top 10 list for 2013. XSS attacks are becoming more and more sophisticated these days and are being used in pair with spear phishing, social engineering and drive-by attacks. 

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: