Sony (XSS) cross site scripting.

Well it is most definitely by now no secret that Sony’s online security is some what lacking,  I’m not sure when Sony will get there act together lets hope soon the only Xbox game I have is The Orange Box.

A new XSS on one of the Sony’s  support pages, has been brought to my attention and here it is.

 http://www.css.ap.sony.com/CLIE/announcement/AnnDetails.asp?Id=408%22%3E%3Cscript%3Ealert(String.fromCharCode(88,83,83))%3C/script%3E

Don’t worry the script is just an alert and Sony has been notified, however other  sub domains have not been tested for this XSS vulnerability.