CitiBank's online cash site, C2IT.com, has substantial Cross-Site Scripting vulnerabilities. The site is similar to PayPal in that it lets users attach bank and credit card accounts to the online system. Users can then "send" cash to any user via their email address.
This alert documents two sample attacks:
- Gaining access to users' credit card and bank account numbers
- Scripting cash transfers out of users' accounts and/or credit cards