A third unauthorized redirect issue is still present
Security researcher Jing Wang discovered two XSS vulnerabilities on the websites of the Daily Mail and The Telegraph, two famous UK online newspapers. Both vulnerabilities have now been fixed.
The first issue that Wang discovered affected The Telegraph's website, and more specifically, its image galleries.
The second XSS vulnerability he found was on the Daily Mail's website, via its "report comment abuse" page. As with the Telegraph issue, a parameter was left unsanitized, which allowed attackers to insert malicious code at the end of the URL.