dcsimg

Security Flaw Found on American Express Site

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

Security researcher Niklas Femerstrand has uncovered a vulnerability on American Express' Web site that could be used to steal credit card customers' login data.

"The cross-site scripting (XSS) hole allows attackers to use manipulated links in order to write arbitrary JavaScript code into the victim's browser," The H Security reports. "The code is then executed in the context of the American Express web site."

"Attackers could read access credentials, steal cookies or inject malicious software onto the victim's system," the article states.

Go to "Developer function enables phishing at American Express" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.

Submit a Comment

Loading Comments...