
Penske Media Cross-site Scripting

Update 05-Jan-2013:

All reported issues have been fixed. The Packet Storm entry has been updated: http://packetstormsecurity.com/files/118249/Penske-Media-Corporation-Cross-Site-Scripting.html

_____________________

 

Original situation:

Multiple Penske Media Corporation (http://www.pmc.com) websites are vulnerable to reflected Cross-site Scripting attacks. Vulnerable sites as of 20-Nov-2012:

Variety.com, La411.com, NewYork411.com and Deadline.com

_____________________

Update 27-Nov-2012:

The Senior Director of Engineering at PMC contacted me shortly after this post. Security issues are being addressed in an effective manner.

Deadline.com – The issue has been fixed during the Thanksgiving holiday.

According to PMC, the rest of the vulnerabilities should be fixed in the near future.

_____________________

Packet Storm advisory: http://packetstormsecurity.org/files/118249/Penske-Media-Corporation-Cross-Site-Scripting.html

I reported the findings initially to various contacts at Variety on 16-Oct-2012. All reporting attempts apparently failed, because there has been no response.

Users should be careful and avoid clicking on links that point to XSS-vulnerable domains.

Example screenshots:

Deadline.com XSS

Variety.com XSS
