Campaign Sites Full of Vulnerabilities

An anonymous reader writes "Bloggers have been buzzing about the new wave of "Web 2.0" campaign sites, but it seems that a lot of presidential candidates haven't bothered to protect themselves from cross-site scripting attacks. A blogger has found a collection of XSS vulnerabilities including the websites of Barack Obama, Joe Biden, John Edwards, Mitt Romney, John Cox, Newt Gingrich, Tom Tancredo, the Democratic National Committee, and even a surprise from Whitehouse.gov. Some of the holes are low-risk, but others would allow a user's accounts on the affected website to be compromised. A victim would simply have to click on a maliciously crafted link that appears to lead to the candidate's site."

Re:Why are these vulnerabilities?

Still doesn't make sense. Being able to send data like that would require that the web site accept GET requests but 99% of the time sites only use the POST method.

Hmm. Let's see what Mitt Romney thinks of your theory.

(disclaimer: probably not what Mitt actually thinks, but you never know.)