Thursday, December 18, 2008

American Express web bug exposes card holders!

XSS: Entrenched since November 2008

A glaring vulnerability on the American Express website has unnecessarily put visitors at risk for more than two weeks and violates industry regulations governing credit card companies, a security researcher says.
Among other things, the cross-site scripting (XSS) error on allows attackers to steal users' authentication cookies, which are used to validate American Express customers after they enter their login credentials.
For more information related to this XSS attack refer below link:-

No comments: