Zero-Day Advisory
Fortinet Discovers Tencent auto.qq.com Cross-Site Scripting Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a XSS (Cross-Site Scripting) vulnerability in Tencent auto.qq.com website.
auto.qq.com is Tencent's website for automobile information. It is one of the most popular sites in China.
A XSS vulnerability has been discovered in auto.qq.com website. It is caused by inadequate anti-XSS protection on this website.
Solutions
Tencent has fixed it in September, 2015.
References
Acknowledgement
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.