He waited fro three months only to find that the vulnerabilities are still not patched.
He stated while making the disclosure, Until now, they are still unpatched.
Jing added, Simultaneously, the About.com main pages search field is vulnerable to XSS attacks too.
This means all domains related to about.com are vulnerable to XSS attacks.
In addition to the XSS and XSF vulnerabilities a new Open Redirect vulnerability related to about.com is introduced.
The XSF or the Iframe Injection vulnerability can be used for Denial of service against other websites.
A video of the Proof of Concept is given below :
https://www.youtube.com/watch?v=hx_sdDmSkg0
Read More
source: www.techworm.net
