Skip to content Skip to footer
0 items - $0.00 0
Menu

More American Express sites vulnerable to XSS and open redirects by abin_p

0CommentsShare Post
More American Express sites vulnerable to XSS and open redirects by abin_p
News

More American Express sites vulnerable to XSS and open redirects by abin_p

January 5, 2023
0Comments
Share This Article
Share Post
Newsletter

Sed ut perspiciatis unde.

Subscribe

Send to HN

Written by DP

Tuesday, 5 October 2010

Three more critical vulnerabilties have been reported for AmericanExpress.com… The other XSS is still pending a fix.

PaPPy” has reported an open redirect vulnerability in search.americanexpress.com and one XSS bug on the card reviews forum.

d3v1l” from Security-Sh3ll has reported a cross-site scripting hole affecting the supposedly secure American Express online rewards mall, a shopping portal that offers special offers and discounts to PASS prepaid card members at hundreds of online merchants, as well as in stores.

“Ensuring proper validation of all inputs in Web applications, in order to prevent cross-site scripting and SQL injection vulnerabilities, is actually a requirement of the Payment Card Industry Data Security Standard (PCI-DSS).”, Lucian Constantine, SoftPedia’s security columnist, writes.

To avoid further embarrassment, American Express must really review their data security operating policy and update it correctly in order to achieve compliance with their following statements, since they are founding

Read More

Tags:
0Likes
Leave a comment

Leave a comment

In the Shadows of Innovation”

© 2025 HackTech.info. All Rights Reserved.

Sign Up to Our Newsletter

Be the first to know the latest updates

Whoops, you're not connected to Mailchimp. You need to enter a valid Mailchimp API key.