Thamatam Deepak (Mr.47 ) reported a Cross site scripting (XSS) Vulnerability and cookie handling in HTC website, that allow an attacker to HTC website hijack accounts. Mr. Deepak is a 16 years old whitehat hacker, listed in Apple Hall of Fame with ‘The Hacker News’ researcher this month. Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. This vulnerability may be used by attackers to bypass access controls such as the same origin policy.
Source: https://thehackernews.com/2012/12/vulnerability-in-htc-website-allow_28.html