
The Telegraph and Daily Mail Fix XSS Vulnerabilities

By Catalin Cimpanu    3 Nov 2015

 

A third unauthorized redirect issue is still present

 

Daily Mail and Telegraph fix 2 XSS issues

 

Security researcher Jing Wang discovered two XSS vulnerabilities on the websites of the Daily Mail and The Telegraph, two famous UK online newspapers. Both vulnerabilities have now been fixed.

 

The first issue that Wang discovered affected The Telegraph's website, and more specifically, its image galleries.

 

Attackers, as Wang discovered, would have been able to execute JavaScript code by appending malicious code at the end of the image gallery URL, via the "frame" parameter, which, as in most cases with XSS attacks, was insufficiently sanitized.

 

The second XSS vulnerability he found was on the Daily Mail's website, via its "report comment abuse" page. As with the Telegraph issue, a parameter was left unsanitized, which allowed attackers to insert malicious code at the end of the URL.

 

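The class of bug described above, a URL parameter reflected into the page without sanitization, is shown here next to a corrected handler. This is an added example, not code from the article or from either site. The host `news.example`, the function names, the 12-frame gallery and the treatment of `frame` as a 1-based integer index are all assumptions made for illustration.

```javascript
// Added illustration: a constructed gallery handler, not either site's code.
const GALLERY_LENGTH = 12; // assumption: the gallery holds 12 images

// Constructed sample request: markup appended after a valid frame number.
const SAMPLE_BAD =
  'https://news.example/gallery.html?frame=3%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E';

// Encode for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// "Before": the decoded parameter is written straight into the markup, so
// anything appended to the URL becomes part of the page.
function renderVulnerable(requestUrl) {
  const frame = new URL(requestUrl).searchParams.get('frame') ?? '1';
  return { status: 200, body: `<a href="?frame=${frame}">Image ${frame}</a>` };
}

// "After": validate against what the parameter is supposed to be, and
// encode on output wherever the raw value is still echoed back.
function renderHardened(requestUrl) {
  const raw = new URL(requestUrl).searchParams.get('frame') ?? '1';
  // Allowlist: a short decimal integer with no sign, spaces or markup.
  if (!/^[1-9][0-9]{0,3}$/.test(raw)) {
    // Error pages are a reflection point too, so the echo is encoded.
    return { status: 400, body: `Invalid frame: ${escapeHtml(raw)}` };
  }
  const frame = Number(raw);
  if (frame > GALLERY_LENGTH) {
    return { status: 404, body: 'No such frame' };
  }
  // frame is now a validated number; only that value reaches the page.
  return { status: 200, body: `<a href="?frame=${frame}">Image ${frame}</a>` };
}
```

Validation alone would fix this parameter, but parameters that carry free text cannot be allowlisted the same way, which is why the output encoding step is kept on every path that echoes input.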