ARD fixes multiple XSS flaws

During the last few months we have tested the websites of the most well-known TV broadcasters. ARD is one of the biggest German public broadcasters, which is why we decided to take a look at the security of their websites.

The website is very popular, because it not only presents information about TV shows, but also gives visitors the opportunity to watch shows later in their “Mediathek”.

We discovered several cross-site scripting vulnerabilities in some of their online streaming players (radio/video) and in their blog. As you should know, cross-site scripting vulnerabilities should not be underestimated.

We contacted the webmaster on the 10th of June 2012 via email. We explained every flaw in detail and were very happy to notice that the vulnerabilities had been fixed within one day. We would like to see more webmasters fixing issues in such a short timeframe.

We would like to thank the webmasters for the very fast resolution of the issues and the good coordination process.

The team of Internetwache.org

Screenshots

First screenshot of the XSS

Second screenshot of the XSS

Third screenshot of the XSS