
Microsoft official website vulnerable to XSS

Cross site scripting vulnerability in

Security researcher @flexxpoint has come up with an interesting find: the official Microsoft website is vulnerable to Cross-Site Scripting (XSS). The vulnerability is in the Products page URL.
?hdrFo=mthdr02'"--></style></script%<svg><!>3E<script>alert('Simple XSS')</script>

The highlighted code is the injected XSS attack code. The code above first pops up an alert box that says "XSS", and after that it redirects you to the website.

The simplified version of the code: '"--><script>alert("XSS")</script>

Replacing this code with malicious JavaScript allows an attacker to steal cookies or mount a phishing attack. In the past, a researcher also discovered an XSS vulnerability in the Ubuntu website.
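
As an added example (not code from the original post or from Microsoft), the sketch below shows why a reflected parameter such as hdrFo is injectable and two server-side ways to close the hole. The attribute it is echoed into, the /products path, the site.example host, the allowlist pattern and all function names are assumptions made for illustration.

```javascript
// Added example: hypothetical server-side rendering, not Microsoft's code.
// Assumption: the hdrFo query parameter is echoed into an HTML attribute.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Extract hdrFo from a request path; the base host is a placeholder.
function getHdrFo(requestPath) {
  return new URL(requestPath, 'https://site.example').searchParams.get('hdrFo') ?? '';
}

// BEFORE: the decoded value is concatenated into markup unchanged.
function renderVulnerable(requestPath) {
  return `<div id="hdr" data-hdr="${getHdrFo(requestPath)}"></div>`;
}

// FIX 1: output encoding only, for fields that must accept free text.
function renderEncoded(requestPath) {
  return `<div id="hdr" data-hdr="${escapeHtml(getHdrFo(requestPath))}"></div>`;
}

// FIX 2: allowlist the expected identifier shape, then encode anyway.
const HDR_ID = /^[A-Za-z0-9_-]{1,32}$/; // assumed format of values like "mthdr02"
function renderHardened(requestPath) {
  const raw = getHdrFo(requestPath);
  const id = HDR_ID.test(raw) ? raw : 'default';
  return `<div id="hdr" data-hdr="${escapeHtml(id)}"></div>`;
}

// Constructed request using the simplified test string quoted in the post.
const SAMPLE_REQUEST =
  '/products?hdrFo=' + encodeURIComponent(`mthdr02'"--><script>alert("XSS")</script>`);

console.log('vulnerable:', renderVulnerable(SAMPLE_REQUEST));
console.log('encoded:   ', renderEncoded(SAMPLE_REQUEST));
console.log('hardened:  ', renderHardened(SAMPLE_REQUEST));
```

With the encoded or hardened renderer the quote and angle-bracket characters never reach the browser as markup, so the value stays inside the attribute.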