Forbes.com Vulnerable to XSS injection
The Hacker News


One of the Leading News Company Forbes is Vulnerable. Hacker with name "B1uB3rry" expose that Forbes.com is vulnerable to possible SQL injection but confirmed to be vulnerable to Cross Site Script Injection (XSS) & HTML Injection. According to hacker "One can easily deface the website as other vulnerabilities exist." Live Example of XSS injection on Forbes . Hacker is Admin of B1uB3rry Security Team (San Antonio, TX).


Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users.


UPDATE:
Another XSS on Subdomain of Forbes. This Vulnerability also exposed by a hacker on Twitter.
The Hacker News

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.