Penske Media Cross-site Scripting

Update 05-Jan-2013:

All reported issues have been fixed. The Packet Storm entry has been updated:



Original situation:

Multiple Penske Media Corporation web-sites are vulnerable to reflected Cross-site Scripting attacks. Vulnerable sites 20-Nov-2012:,, and


Update 27-Nov-2012:

The Senior Director of Engineering at PMC contacted me shortly after this post. Security issues are being addressed in an effective manner.  – Issue has been fixed during the Thanksgiving holiday

According to PMC, the rest of the vulnerabilities should be fixed in the near future.


Packet Storm advisory:

I reported the findings initially to various contacts at Variety on 16-Oct-2012. All reporting attempts apparently failed, because there has been no response.

Users should be careful and avoid clicking on the links that are pointing to XSS vulnerable domains.
