Persistent XSS vulnerability in DELL

Nikhil Kulkarni, a security expert, has discovered a persistent cross-site scripting (XSS) security flaw in the official website of Dell.

"The Persistent or Stored XSS attack occurs when the malicious code submitted by an attacker is saved by the server in the database and is then permanently executed in the injected page."

The password hint field on the My Account page of the website was found to be vulnerable to a stored XSS attack.

Nikhil managed to inject his own JavaScript code into the password hint field. Whenever he loaded the My Account page, the injected code executed.

Nikhil notified the Dell Security Team about the vulnerability. The vulnerability has now been fixed.
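The pattern behind a stored XSS in a field like the password hint, shown as an added example that is not code from Dell's site or from the researcher: a stored value is written into the page without output encoding, next to the same template with encoding applied. The in-memory store, the template, the function names and the sample hint are all assumptions made for illustration, since the article does not say how the site stored or rendered the hint.

```javascript
// Constructed demo: an in-memory "database" of account records (hypothetical).
const db = new Map();

// Storing the hint verbatim is not the flaw; the flaw is how it is rendered later.
function saveHint(userId, hint) {
  db.set(userId, { hint });
}

// HTML-encode the five characters that can change parsing context
// in element content and in quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored value is concatenated into markup as-is,
// so any tags it contains become part of the page on every load.
function renderAccountUnsafe(userId) {
  const { hint } = db.get(userId);
  return `<input name="hint" value="${hint}"><p>Hint: ${hint}</p>`;
}

// Hardened: the same template with output encoding at the point of use.
function renderAccountSafe(userId) {
  const hint = escapeHtml(db.get(userId).hint);
  return `<input name="hint" value="${hint}"><p>Hint: ${hint}</p>`;
}

// Constructed sample input: closes the attribute, then adds a script element.
const SAMPLE_HINT = '"><script>alert(1)</script>';

function demo() {
  saveHint("user-1", SAMPLE_HINT);
  return { unsafe: renderAccountUnsafe("user-1"), safe: renderAccountSafe("user-1") };
}

const out = demo();
console.log("unsafe:", out.unsafe); // script element is live markup
console.log("safe:  ", out.safe);   // same input rendered as inert text
```

Encoding at render time protects every page that displays the value, including values stored before the fix; input validation on the hint field is a useful second layer, not a replacement.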