Saturday, October 6, 2012

XSS vulnerability in Southwest Airlines

Southwest Airlines suffers from a reflected Cross-site Scripting (XSS) vulnerability.

Update 30-Dec-2012: This issue has been fixed.

I have tried to contact Southwest using various channels: e-mails, contact forms, persons via LinkedIn etc. I have not received a single response in four months.

One channel I did not even try this time is US-CERT, because they have not responded to my earlier e-mails.

I hope companies will open a working channel for security researchers and pentesters. A simple e-mail address like security at would be nice.

Responsible disclosure requires responsible vendors.
