Mastercard.com NOT PCI Compliant

Someone has found an XSS vulnerability on mastercard.com. It was found in the search function, a notorious location for XSS vulnerabilities. The XSS payload that triggers the vulnerability leads me to believe that there was a fair amount of filtering going on, but I guess not enough.

Who does Mastercard pay PCI penalties to?

