Saturday, October 6, 2012

XSS vulnerability in Southwest Airlines


Southwest Airlines suffers from a reflected Cross-site Scripting (XSS) vulnerability.

Update 30-Dec-2012: This issue has been fixed.


I have tried to contact Southwest using various channels: e-mails, contact forms, people via LinkedIn, etc. I have not received a single response in four months.


One channel I did not even try this time is US-CERT, because they have not responded to my earlier e-mails.

I hope companies will open a working channel for security researchers and pentesters. A simple e-mail address like security at company.com would be nice.


Responsible disclosure requires responsible vendors.


