| What is the (Cross Site Scripting) XSS vulnerability that has been recently noticed on the website Weather.com. What is the consequence of this and how could it leave the website exposed to attacks What has caused the website to be exposed to such an attack? What can be done to patch the issue and secure the website? |
Â
The vulnerability in The Weather Channel was discovered by a doctoral student named Wang Jing. But it’s fine now. The Weather Channel, weather.com, has now fixed a usual web application security issue on its website that made almost its entire links susceptible to XSS attacks or Cross-Site Scripting. Wang Jing is a doctoral student in Singapore studying at Nanyang Technological University at the School of Physical and Mathematical Sciences.
He learned that more than 75 percent [75%] of the web pages in The Weather Channel were susceptible to Cross-Site Scripting attacks or XSS. According to Wang Jing, an attacker only need to insert scripts at the end of The Weather Channel’s URLs and the scripts will then be executed.
You can learn about Wang Jing’s findings at the Full Disclosure Forum site, The Weather Channel Almost All Links Vulnerable. He said in his post that he tested tens of thousands of links on The Weather Channel using a custom tool. He even created a video and posted it on YouTube illustrating how an XSS attack can be made. See video.
[video:http://youtu.be/Ij78WnzKB4M]
Hello Ave Boers, Â Cross site scripting is a scripting tool which is used by hackers. This is basically a coding script which hackers run on victim computer and gain access to that system. Very recently a famous website weather.com faces this attack. It is very vital. Yet the engineers gain access back to website within very less time but i shows there is lack of defects in security till today. They are now going to check the security or every possible attack. Hopes everything goes good and in future, There will not be any repetition of this incidence.
