"Gallup Cross-Site Scripting Error Could Have Led to Data Theft"

Checkmarx reports that Gallup fixed two Cross-Site Scripting (XSS) errors on its website that could have resulted in data theft and account takeovers. Gallup is known for its public opinion polls, including polls regarding US politics and elections. An attacker could have exploited the XSS flaws to trick victims into clicking links from the legitimate Gallup website that led to data extraction or session hijacking. This article continues to discuss the Gallup XSS errors and the impact these flaws could have had.  

SC Magazine reports "Gallup Cross-Site Scripting Error Could Have Led to Data Theft"

Submitted by grigby1

Submitted by Gregory Rigby on