The infamous @SuperSl1nk has done it again: he has found DOM-based XSS flaws in a total of 4 US government sites.
He showed proof yesterday via Twitter.
https://twitter.com/SuperSl1nk/status/273585944358182912
https://twitter.com/SuperSl1nk/status/273581111735619584
These include the National Geospatial-Intelligence Agency, Defense Intelligence Agency, National Geospatial-Intelligence Agency (different server), Central Intelligence Agency and NCIS.navy.mil.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. Due to breaches of browser security, XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
SuperSl1nk previously hacked a number of government agencies in 2011, including the Department of Defense (DoD), Pentagon, NASA and NSA.