XSS vulnerabilities on VnExpress

XSS on e.vnexpress.net

Recently I found two XSS vulnerabilities on the VnExpress website. It all began with the newly introduced English version of VnExpress, and I didn’t have to spend a lot of time to find that the search box wasn’t escaped properly. Just doing a search with "> will reveal this.

[Image: XSS on e.VNE]

This is a pretty serious problem if anyone still doesn’t care about escaping user input, especially on a search box.