Security Company Says NASDAQ Waited Two Weeks To Fix XSS Flaw

alphadogg writes "A Swiss security company said the NASDAQ website had a serious cross-site scripting vulnerability for two weeks before being fixed on Monday, despite earlier warnings. Ilia Kolochenko, CEO of the Geneva-based penetration testing company High-Tech Bridge, said he repeatedly emailed NASDAQ and warned of the XSS flaw. 'I can basically say I have spammed them,' Kolochenko said in an interview. A NASDAQ spokesman did not have immediate comment. NASDAQ.com lets users create accounts and build a profile to monitor stocks and news."

NASDAQ web site != NASDAQ trading system

[JoeyRox]

nasdaq.com is a simple front-end fluff site for viewing quotes and doing basic company research. No critical systems or customer data.