U-Test completed a substantive, independent review of three major e-tailing sites. Testers discovered a security hole in one of the three major sites. The vulnerability was of the type that would allow (user) accounts to be taken over and give an intruder full access to all of the. sensitive information in the account . Cross-site scripting vulnerabilities show up when Web apps fail to validate user input from form fields. The vulnerability is limited only by the attacker’s imagination.
Source: https://www.lastwatchdog.com/utest-discovers-cross-site-scripting-vulnerability/