Weather Channel Website Vulnerable to Reflected XSS Attacks


Popular Weather Channel web site ( has been found to be vulnerable to a reflected Cross-Site Scripting flaw, according to security researcher Wang Jing’s research. The vulnerability lies in that does not filter malicious script codes when constructing HTML tags with its URLs. This way, an attacker just adds a malicious script at the end of the URL and executes it.

“If The Weather Channel’s users were exploited, their Identity may be stolen,” Jing said via email. “At the same time, attackers may use the vulnerability to spy users’ habits, access sensitive information, alter browser functionality, perform denial of service attacks, etc.”

Wang Jing is a Ph.D student from School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore. He found that at list 76.3% of Weather Channel website links were vulnerable to XSS attacks. Attackers just need to add scripts at end of Weather Channel’s URLs. Then the scripts will be executed.



Related News:




在下方填入你的資料或按右方圖示以社群網站登入: Logo

您的留言將使用 帳號。 登出 / 變更 )

Twitter picture

您的留言將使用 Twitter 帳號。 登出 / 變更 )


您的留言將使用 Facebook 帳號。 登出 / 變更 )

Google+ photo

您的留言將使用 Google+ 帳號。 登出 / 變更 )

連結到 %s