On Monday, January 19 E1337 security researcher discovered a vulnerability on the website of the European Bank for Reconstruction and Development, which allows to carry out cross-site scripting attack. As 12:00 Moscow time on January 20 gap remained uncorrected, endangering both administrators and users ebrd.com.
According to the website xssposed.org, kidnapping files cookie, personal information, passwords, and search history on the Internet are just some of the threats posed by XSS-attack.
We note that recently the European Bank for Reconstruction and Development was not the first major international organization, on the site which was discovered XSS-vulnerability. So, on January 11 became aware of a gap in the resource reputable rating agency Fitch Ratings. In addition, earlier this month, experts High-Tech Bridge found that cross-site scripting attacks to vulnerable Microsoft Dynamics CRM 2013 SP1.
Source:securitylab.ru
No comments:
Post a Comment