Sunday, September 19, 2010

Visa website vulnerable to XSS

Cross-site scripting flaw and redirect on usa.visa.com

POC:

http://usa.visa.com/vro/templates/email_form.jsp?id=31166&type=1071&email=XSS

http://usa.visa.com/vro/templates/email_form.jsp?id=31166&type=1071&email=Redirect











what about:









XSS Weakness Found on Visa USA Website