By William Knowles @c4i
August 22, 2014
On 21 August 2014, the security researcher E1337 reported to XSSposed (XSS exposed) that technicaleducation.cisco.com has an XSS (Cross-Site Scripting) vulnerability (the site currently has 2 vulnerabilities in total reported by security researchers).
Cross-Site Scripting (XSS) injects specially crafted data into existing web applications. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. XSS attacks often lead to bypass of access controls, unauthorized access, and disclosure of privileged or confidential information. Cross-site scripting attacks are listed as the number three vulnerability on the OWASP Top 10 list for 2013. XSS attacks are becoming increasingly sophisticated and are being paired with spear phishing, social engineering and drive-by attacks.
The vulnerability is still unpatched, putting technicaleducation.cisco.com users, visitors and administrators at risk of being compromised by malicious hackers. Theft of cookies, personal data, authentication credentials and browser history is probably among the less dangerous consequences of XSS attacks.