Thursday, May 24, 2012

Responsible Disclosure - XSS in ZScaler Gateway Application

Updated: I mentioned this issue to the Securityweek's author Steve Regan after reading his story here: He
quoted this blog past as an addition to the story.

Some of the XSS bugs were responsibly disclosed to the security team at ZScaler. Thanks to Michael Sutton for responding quickly. The vulnerability is patched now.

Proof of Concept is here:

We stick to responsible disclosure to build the community more secure.

Enjoy !