A researcher going by the alias "Ne0h" has posted two proof-of-concept scripts for a months-old cross-site scripting (XSS) vulnerability affecting the Pentagon's Web site, reports SC Magazine.
The vulnerability is on the Pentagon's "Tours" page. None of the exploits could expose sensitive Pentagon data, but a successful attack could still affect users visiting the site:
If not patched, the Pentagon Web site may be used as part of other web-based attacks via redirection using URLs sent to a user that appear to be from the Pentagon Web site.