U.S. Dept Of Defense: Reflected XSS via user Parameter in /ssl-vpn/getconfig.esp

A reflected Cross-Site Scripting XSS vulnerability was discovered in the user parameter of the /ssl-vpn/getconfig.esp endpoint. This allowed an attacker to inject and execute arbitrary JavaScript in a user's browser. The vulnerability was found on a .mil domain associated with a VPN configuration...