XSS vulnerabilities on VnExpress
XSS on e.vnexpress.net Recently I found two XSS vulnerabilities on vnExpress website. It all begins with the newly introduced English version of VnExpress, and I didn’t have to spend a lot of time to find the search box wasn’t escaped properly. Just do a search with “> will reveal this.
XSS on e.VNE Pretty serious problem if anyone still doesn’t care about escaping user-input, especially on a search box.
[Read More]