Indian Security researcher Deepanker Verma claims to have uncovered cross-site scripting (XSS) and iFrame injection vulnerabilities on the shopping website of AOL.
According to the expert, cybercriminals could leverage these flaws to steal user cookies and hijack sessions.
To demonstrate the fact that iFrames can be injected into the AOL Shopping website, Verma has added an iFrame that points to his own site (see screenshot).
read more.......http://news.softpedia.com/news/AOL-Shopping-Website-Plagued-by-XSS-and-iFrame-Injection-Vulnerabilities-318912.shtml?utm_source=dlvr.it&utm_medium=twitter