Gallup’s XSS Woes: Vulnerabilities Patched Amid Election Season Drama

Gallup rushed to patch cross-site scripting vulnerabilities on its website during election season. These XSS flaws, reported by Checkmarx, didn’t compromise internal data but highlighted the need for better query string sanitization.

Hot Take:

Gallup might have been caught off-guard by some cross-site scripting (XSS) vulnerabilities, but at least their polls are still secure! Maybe they should start polling their cybersecurity team about best practices.

Key Points:

  • Gallup rushed to patch two XSS vulnerabilities on its website over the summer.
  • First flaw: A reflected XSS bug with a CVSS score of 6.5 out of 10.
  • Second flaw: A DOM-based XSS vulnerability with a CVSS score of 5.4.
  • The vulnerabilities did not impact Gallup’s internal data or polling.
  • Multiple updates and corrections were made to the original news report due to disputed research claims.

The Nimble Nerd