Lyst: Mixed Active content issue on https://www.lyst.com

2017-02-18T14:08:19
ID H1:207329
Type hackerone
Reporter mrr3boot
Modified 2017-02-22T11:20:33

Description

An erroneous conditional comment for Internet Explorer browsers lower than version 9 was causing an attempted load of an insecure, non-existent JavaScript file over certain HTTPS requests from www.lyst.com. Although the targetted browser sessions were very low in number the request could still technically be hijacked. The comment has now been removed and the page no longer serves this request.