We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.

Security Flaw Found on American Express Site

Download our in-depth report: The Ultimate Guide to IT Security Vendors

Security researcher Niklas Femerstrand has uncovered a vulnerability on American Express' Web site that could be used to steal credit card customers' login data.

"The cross-site scripting (XSS) hole allows attackers to use manipulated links in order to write arbitrary JavaScript code into the victim's browser," The H Security reports. "The code is then executed in the context of the American Express web site."

"Attackers could read access credentials, steal cookies or inject malicious software onto the victim's system," the article states.

Go to "Developer function enables phishing at American Express" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.

Submit a Comment

Loading Comments...