Posted by Jing Wang on Oct 16

New York Times nytimes.com Page Design XSS Vulnerability (Almost all
Article Pages Before 2013 are Affected)

Domain:
http://www.nytimes.com/

Vulnerability Description:
The vulnerability occurs at New York Times’s URLs. Nytimes (short for New
York Times) uses part of the URLs to construct its pages. However, it seems
that Nytimes does not filter the content used for the construction at all
before 2013.

Based on Nytimes’s Design, Almost all…