Southwest Airlines suffers from a reflected Cross-site Scripting (XSS) vulnerability.
Update 30-Dec-2012: This issue has been fixed.
I have tried to contact Southwest using various channels: e-mails, contact forms, persons via LinkedIn etc. I have not received a single response in four months.
One channel I did not even try this time is US-CERT, because they have not responded to my earlier e-mails.
I hope companies would open a working channel for security researchers and pentesters. Simple e-mail address like security at company.com would be nice.
Responsible disclosure requires responsible vendors.
No comments:
Post a Comment