RSS XSS Vulnerabilities

06 Oct 2012

iiNet, a major ISP in Australia seems to be a little less secure than they claim they are. After merely searching for XSS vulnerabilities on their website for 5 minutes, I had found these two vulnerabilities. Two non-persistent vulnerabilities, one surprisingly located in iiNet’s main search page.

Here is the main search page vulnerability:

iiNet Search Page XSS


This is another vulnerability on the iiNet Freezone main page:

iiNet Freezone XSS vulnerability


I have reported the above vulnerabilities to iiNet and have gotten no response. Hopefully they will fix the vulnerabilities in the near future.

No Comments

Posted in XSS


Leave a Reply