Security specialist Niklas Femerstrand has discovered a hole on the American Express web site that attackers can use to steal, among other things, the login data of credit card customers. The cross-site scripting (XSS) hole allows attackers to use manipulated links in order to write arbitrary JavaScript code into the victim’s browser. The code is then executed in the context of the American Express web site. Attackers could read access credentials, steal cookies or inject malicious software onto the victim’s system.

Read more: The H Security