美国有线电视新闻网跨站脚本安全漏洞
CNN (cnn.com) Travel-City Related Links XSS (cross site scripting) Security Vulnerabilities
"As of August 2013, CNN is available to approximately 98,496,000 cable, satellite and telco television households (86% of households with at least one television set) in the United States." (Wikipedia)
Based on post published on Full Disclosure, CNN.com was hacked by XSS vulnerability in 2007.
The vulnerability can be exploited without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 7.
Reported by:
Wang Jing,School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore.
Detail:
http://securityrelated.blogspot.com/2014/12/cnn-cnncom-travel-xss-and-ads-open.html
评论
热度 ( 19 )