An Information Security researcher has discovered multiple Cross Site scripting vulnerability that affects one of the Top News channel website, CNN. Few days back, The vulnerability was reported by Quister Tow. The vulnerabilities resides in three different sub domain of CNN: searchapp.cnn.com, audience.cnn.com,dynamic.si.cnn.com. While verifying the XSS vulnerabilities, another critical security flaw in the website that expose the source code.
The Vulnerability has been reported to CNN but there is has been no response since the day it was published by the researcher.
No comments:
Post a Comment