{"id":423,"date":"2008-12-20T18:44:23","date_gmt":"2008-12-20T23:44:23","guid":{"rendered":"http:\/\/www.coresecuritypatterns.com\/blogs\/?p=423"},"modified":"2008-12-20T18:44:23","modified_gmt":"2008-12-20T23:44:23","slug":"xss-plagues-american-express","status":"publish","type":"post","link":"https:\/\/websecuritypatterns.com\/blogs\/2008\/12\/20\/xss-plagues-american-express\/","title":{"rendered":"XSS plagues American Express Web site :-("},"content":{"rendered":"<p><em><strong><a href=\"http:\/\/www.theregister.co.uk\/2008\/12\/20\/american_express_website_bug_redux\/\" target=\"_blank\">The Register<\/a> <\/strong><\/em>exposed this !\u00a0 Cross-site Scripting (XSS) vulnerabilities allow attackers to steal user authentication cookies from AmericanExpress.com &#8211; According to an independent vulnerability assessment firm&#8230; the XSS bug still remains unfixed !! To read more&#8230;follow this <a href=\"http:\/\/www.theregister.co.uk\/2008\/12\/20\/american_express_website_bug_redux\/\" target=\"_blank\">link<\/a>:<\/p>\n<div style=\"width: 585px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/www.theregister.co.uk\/2008\/12\/20\/american_express_website_bug_redux\/\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/regmedia.co.uk\/2008\/12\/20\/xss_amex.jpg\" alt=\"http:\/\/www.theregister.co.uk)\" width=\"575\" height=\"304\" \/><\/a><p class=\"wp-caption-text\">AMEX XSS Bug (Source: http:\/\/www.theregister.co.uk)<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The Register exposed this !\u00a0 Cross-site Scripting (XSS) vulnerabilities allow attackers to steal user authentication cookies from AmericanExpress.com &#8211; According to an independent vulnerability assessment firm&#8230; the XSS bug still remains unfixed !! To read more&#8230;follow this link:<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6,9],"tags":[76],"class_list":["post-423","post","type-post","status-publish","format-standard","hentry","category-main","category-security","tag-xss"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/comments?post=423"}],"version-history":[{"count":0,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/423\/revisions"}],"wp:attachment":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/media?parent=423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/categories?post=423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/tags?post=423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}