Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » DDoS attack enabled by persistent XSS vulnerability on top video content provider's site

DDoS attack enabled by persistent XSS vulnerability on top video content provider's site

2014/04/05

Softpedia - (International) Incapsula reported that they mitigated an application layer distributed denial of service (DDoS) attack against a client which utilized a cross-site scripting (XSS) vulnerability in a popular video content provider's Web site. Malicious JavaScript code was injected into a tag associated with users' profiles, which executed whenever a legitimate user accessed the page.

Source: http://news.softpedia.com/news/DDOS-Attack-Enabled-by-Persistent-XSS-Vulnerability-on-Top-Video-Content-Provider-s-Site-436029.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:19:49