[ISN] Sekurity is hard – technicaleducation.cisco.com vulnerable to XSS

http://www.infosecnews.org/sekurity-is-hard-technicaleducation-cisco-com-vulnerable-to-xss/ By William Knowles @c4i Senior Editor InfoSec News August 22, 2014 On 21 of August 2014 the security researcher E1337 reported to XSSposed (XSS exposed) that technicaleducation.cisco.com has an XSS (Cross-Site Scripting) vulnerability which currently has 2 vulnerabilities in total reported by security researchers). Cross-Site Scripting (XSS) inserts specially crafted data into existing applications through Web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a modification to a browser script, to a different end user. XSS attacks often lead to bypass of access controls, unauthorized access, and disclosure of privileged or confidential information. Cross-site scripting attacks are listed as the number three vulnerability on the OWASP Top 10 list for 2013. XSS attacks are becoming more and more sophisticated these days and are being used in pair with spear phishing, social engineering and drive-by attacks. […]