Weather.com might be exposed to an XSS attack.

Weather.com might be exposed to an XSS attack.

The vulnerability in The Weather Channel was discovered by a doctoral student named Wang Jing. But it’s fine now. The Weather Channel, weather.com, has now fixed a usual web application security issue on its website that made almost its entire links susceptible to XSS attacks or Cross-Site Scripting. Wang Jing is a doctoral student in Singapore studying at Nanyang Technological University at the School of Physical and Mathematical Sciences.

He learned that more than 75 percent [75%] of the web pages in The Weather Channel were susceptible to Cross-Site Scripting attacks or XSS. According to Wang Jing, an attacker only need to insert scripts at the end of The Weather Channel’s URLs and the scripts will then be executed.

You can learn about Wang Jing’s findings at the Full Disclosure Forum site, The Weather Channel Almost All Links Vulnerable. He said in his post that he tested tens of thousands of links on The Weather Channel using a custom tool. He even created a video and posted it on YouTube illustrating how an XSS attack can be made. See video.

Weather.com might be exposed to an XSS attack.

Hello Ave Boers,  Cross site scripting is a scripting tool which is used by hackers. This is basically a coding script which hackers run on victim computer and gain access to that system. Very recently a famous website weather.com faces this attack. It is very vital. Yet the engineers gain access back to website within very less time but i shows there is lack of defects in security till today. They are now going to check the security or every possible attack. Hopes everything goes good and in future, There will not be any repetition of this incidence.