Apple iTunes Affiliate Site XSS

2009-11-04



Apple's iTunes affiliate site was vulnerable to a cross-site scripting (XSS) flaw that allowed an embarrassing Windows 7 overlay to be displayed on its page. The vulnerability was quickly fixed after it spread widely on the social news sites Digg and Reddit.

However, after the initial vector was fixed, another was found on the French version of the site.

