Nikhil Kulkarni, a security expert, has discovered a persistent cross-site scripting (XSS) flaw in the official website of Dell.
The password hint field on the My Account page of ecomm.apj.dell.com was found to be vulnerable to a stored XSS attack.
Nikhil managed to inject his own JavaScript code into the password hint field. Whenever he loaded the My Account page, the injected code was executed.
Nikhil notified the Dell Security Team about the vulnerability. The vulnerability has now been fixed.
"The Persistent or Stored XSS attack occurs when the malicious code submitted by an attacker is saved by the server in the database, and then it will be permanently executed in the injected page."
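The store-then-render flow in that definition, as an added example that is not Dell's code: a saved password hint is written back into the account page once without encoding and once with output encoding. The function names, the in-memory store and the assumption that the hint is rendered inside an input's value attribute are all hypothetical.

```javascript
// Added example; hintStore, saveHint and renderAccountPage* are hypothetical names.
const hintStore = new Map(); // stands in for the server-side database

function saveHint(userId, hint) {
  // Stored exactly as submitted; safety is decided where the value is rendered.
  hintStore.set(userId, String(hint));
}

// HTML-encode for element content and quoted-attribute contexts.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored value is concatenated into the markup unchanged.
function renderAccountPageUnsafe(userId) {
  const hint = hintStore.get(userId) ?? '';
  return `<input type="text" name="passwordHint" value="${hint}">`;
}

// Hardened: the stored value is encoded for the attribute it lands in.
function renderAccountPageSafe(userId) {
  const hint = hintStore.get(userId) ?? '';
  return `<input type="text" name="passwordHint" value="${encodeHtml(hint)}">`;
}

// Constructed sample input: a benign marker that closes the attribute and opens a tag.
const SAMPLE_HINT = '"><script>console.log("hint-marker")</script>';
saveHint('user-1', SAMPLE_HINT);
saveHint('user-2', "my first pet's name");

// True when the rendered markup contains an element the template did not define.
function containsInjectedTag(html) {
  return /<script\b/i.test(html);
}

for (const id of ['user-1', 'user-2']) {
  console.log(id,
    'unsafe:', containsInjectedTag(renderAccountPageUnsafe(id)),
    'safe:', containsInjectedTag(renderAccountPageSafe(id)));
}
```

Because the value is stored, the unencoded page is affected on every load until the record is cleaned or the renderer is fixed; encoding at output also covers hints saved before the fix.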