Researcher Demos Pentagon XSS Vulnerability

Kara Reeder

A researcher, going by the alias "Ne0h," has posted two proof-of-concept scripts for a months-old cross-site scripting (XSS) vulnerability affecting the Web site for the Pentagon, reports SC Magazine.


The vulnerability is on the Pentagon's "Tours" page. However, none of the exploits could lead to any sensitive Pentagon data being exposed. Still, a successful attack could affect users visiting the site:


If not patched, the Pentagon Web site may be used as part of other web-based attacks via redirection using URLs sent to a user that appear to be from the Pentagon Web site.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making


SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data