A Quick Amex XSS

Here is a quick description of a cross-site script exploit that was fixed today on the American Express website. The vulnerability was in the search engine of the site, which didn’t sanitized the input keywords. Therefore anyone could insert JavaScript into the search and use this to trick people into sending their cookies to the […]