Security researcher Deepanker Verma has identified a cross-site scripting vulnerability in the main search form of Delish, the popular cooking website operated by Microsoft and Hearst Magazines. The security hole has been fixed.
The expert, who is the founder of the Hacking Tricks website, has told me in an email that he reported the vulnerability to Microsoft back on January 11.
The company acknowledged the existence of the security hole and promised to fix it shortly after that.
“Today [January 23] they patched the vulnerability. Microsoft also asked for my name and website URL to put on the acknowledgement page,” the researcher said.
Earlier this month, Verma identified XSS and iFrame injection vulnerabilities on AOL’s Shopping website. However, AOL has failed to respond to his inquiries, leaving the site vulnerable to cyberattacks.