No I mean the fact that this was possible on their website, XSS is one of the si... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mathieuh on Oct 28, 2020 \| parent \| context \| favorite \| on: That company whose name used to contain HTML scrip... No I mean the fact that this was possible on their website, XSS is one of the simplest things to test, in fact it was one of the standard tests UI testers would do on new screens. Not saying they were compromised.

ceejayoz on Oct 28, 2020 [–]

It wasn't possible on their website.

They provide data feeds to many third parties, who might themselves be vulnerable, hence the notification.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact