Security researchers have noted a security vulnerability lurking on the online booking website for airline Qantas.
The cross-site scripting vulnerability was discovered by an anonymous user and submitted to security watchlist XSSED.com - the second time the integrity of Qantas' web properties has been called into question by the publication.
Security experts monitoring the site are as yet unsure of what data - if any at all - the script is capable of stealing from the page.
"XSS (cross-site scripting) is one of the most common tools in the hacking trade," noted Kane Lightowler, regional sales director at IT security vendor Imperva.
"XSS allows an attacker to inject malicious software into websites that are, in turn, accessed by unwary consumers who are often asked to provide credentials such as usernames, passwords or credit card information."
Lightowler noted that "nearly every major website today has been affected by XSS attacks, including Facebook and Twitter."
UPDATE - Tuesday 3pm - Qantas has responded to this story.
"Qantas takes a proactive approach to detecting and responding to these sorts of issues. We are aware of the issues identified by XSSED.com and are currently in the process of implementing changes to remedy any associated vulnerabilities."
UPDATE - Tuesday 3:20pm
Qantas has confirmed the problem has been resolved. "We have also confirmed that there was no threat to the personal information of our customers," an airline spokesman said.
Copyright © iTnews.com.au . All rights reserved.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.