Researcher identifies XSS vulnerability affecting Citibank website

A security researcher who goes by the name ‘E1337’ identified a cross-site scripting (XSS) vulnerability affecting the website belonging to Citibank – http://www.citibank.com – and reported it on Friday to XSSposed.org, an archive where researchers can report XSS vulnerabilities impacting websites.

The issue has yet to be patched, according to the post, which shows the latest check for a patch as being performed on Monday.

The XSS bug puts users, visitors and administrators at risk of having their cookies, personal data, authentication credentials and browser history stolen by attackers, the post indicates, adding these are “probably the less dangerous consequences of XSS attacks.”

According to the post, increasingly sophisticated XSS attacks are being paired with spear phishing, social engineering and drive-by attacks.

A Citi spokesperson was not immediately available for comment.

Source: http://www.scmagazine.com/
