Wednesday 13 February 2013

Multiple XSS and JSP source code disclosure vulnerabilities in CNN

An information security researcher has discovered multiple cross-site scripting (XSS) vulnerabilities affecting the website of one of the top news channels, CNN. The vulnerabilities were reported a few days ago by Quister Tow. They reside in three different subdomains of CNN: searchapp.cnn.com, audience.cnn.com, and dynamic.si.cnn.com. While verifying the XSS vulnerabilities, another critical security flaw that exposes the source code was found in the website.
The vulnerability has been reported to CNN, but there has been no response since the day it was published by the researcher.



