Security researcher Niklas Femerstrand has uncovered a vulnerability on American Express' Web site that could be used to steal credit card customers' login data.

"The cross-site scripting (XSS) hole allows attackers to use manipulated links in order to write arbitrary JavaScript code into the victim's browser," The H Security reports. "The code is then executed in the context of the American Express web site."

"Attackers could read access credentials, steal cookies or inject malicious software onto the victim's system," the article states.

Go to "Developer function enables phishing at American Express" to read the details.
