http://www.infosecnews.org/sekurity-is-hard-technicaleducation-cisco-com-vulnerable-to-xss/
By William Knowles @c4i
Senior Editor
InfoSec News
August 22, 2014
On 21 of August 2014 the security researcher E1337 reported to XSSposed
(XSS exposed) that technicaleducation.cisco.com has an XSS (Cross-Site
Scripting) vulnerability which currently has 2 vulnerabilities in total
reported by security researchers).
Cross-Site Scripting (XSS) inserts specially crafted data into existing
applications through Web sites. XSS attacks occur when an attacker uses a
web application to send malicious code, generally in the form of a
modification to a browser script, to a different end user. XSS attacks
often lead to bypass of access controls, unauthorized access, and
disclosure of privileged or confidential information. Cross-site scripting
attacks are listed as the number three vulnerability on the OWASP Top 10
list for 2013. XSS attacks are becoming more and more sophisticated these
days and are being used in pair with spear phishing, social engineering
and drive-by attacks.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
