[ISN] NASDAQ Vulnerable to XSS

http://www.infosecnews.org/nasdaq-vulnerable-to-xss/ By William Knowles @c4i Senior Editor InfoSec News January 16, 2015 Bob Greifeld, CEO of The NASDAQ Stock Market explains in a promotional video “that NASDAQ is a technology based company, those businesses that we’re in have a unifying theme that are built upon our technology.” Top technology companies such as Google, Tesla, Amazon, and GoPro to name a few use NASDAQ as their trading exchange. When NASDAQ “goes to a developing market and provide to them our technology, its not just the software code, its all the best practices that have been developed on a global basis that they to integrate into their operations.” With this information in mind, it doesn’t explain why a security researcher named analfabestia was able to discover and report a new XSS (Cross-Site Scripting) vulnerability on NASDAQ.com on January 14, 2015, The sixth such vulnerability in nearly seven years. […]