[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] =?utf-8?q?Sekurity_is_hard_=E2=80=93_technicaleducation=2Ec?= =?utf-8?q?isco=2Ecom_vulnerable_
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2014-08-22 12:38:59
Message-ID: alpine.DEB.2.02.1408221238050.18943 () infosecnews ! org
[Download RAW message or body]

http://www.infosecnews.org/sekurity-is-hard-technicaleducation-cisco-com-vulnerable-to-xss/

By William Knowles @c4i
Senior Editor
InfoSec News
August 22, 2014

On 21 of August 2014 the security researcher E1337 reported to XSSposed 
(XSS exposed) that technicaleducation.cisco.com has an XSS (Cross-Site 
Scripting) vulnerability which currently has 2 vulnerabilities in total 
reported by security researchers).

Cross-Site Scripting (XSS) inserts specially crafted data into existing 
applications through Web sites. XSS attacks occur when an attacker uses a 
web application to send malicious code, generally in the form of a 
modification to a browser script, to a different end user. XSS attacks 
often lead to bypass of access controls, unauthorized access, and 
disclosure of privileged or confidential information. Cross-site scripting 
attacks are listed as the number three vulnerability on the OWASP Top 10 
list for 2013. XSS attacks are becoming more and more sophisticated these 
days and are being used in pair with spear phishing, social engineering 
and drive-by attacks.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
[prev in list] [next in list] [prev in thread] [next in thread]