{"id":45104,"date":"2022-02-02T10:15:10","date_gmt":"2022-02-02T10:15:10","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/"},"modified":"2022-02-02T10:15:10","modified_gmt":"2022-02-02T10:15:10","slug":"dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/","title":{"rendered":"DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off"},"content":{"rendered":"<p>There is a live cross-site scripting (XSS) vulnerability in takedowns website DMCA-dot-com&#8217;s user interface. It&#8217;s existed for more than a year and the site&#8217;s operators don&#8217;t appear to be interested in fixing it.<\/p>\n<p>Infosec researcher Joel Ossi, founder of Dutch security firm Websec, announced his findings after spending more than a year trying and failing to get DMCA-dot-com to take the XSS seriously.<\/p>\n<p>&#8220;I registered at DMCA at first with an intention to protect my own website,&#8221; he <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/websec.nl\/blog\/606ecfec2f798a048269340e\/dmcacom%20hack%20full%20disclosure%20with%20proof-of-concept\">blogged<\/a>, explaining that he found unescaped free-text entry boxes in the DMCA user interface allowed him to create an XSS.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>DMCA-dot-com is a copyright takedown service. Users pay the site to handle the tedious part of getting an alleged copyright infringer to delete content from the World Wide Web, using the infamous US Digital Millennium Copyright Act. Prices can be as high as $199 for a takedown.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Ossi showed <i>The Register<\/i> his live findings on a video call. Every single time he clicked to a new webpage in the DMCA-dot-com user area, the classic XSS tell-tale \u2013 a popup with a custom message \u2013 appeared. The script to do so was really quite simple:<\/p>\n<div class=\"CaptionedImage Center Border\" readability=\"7\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2022\/02\/01\/dmca_com_xss_poc.jpg\" alt=\"The code needed to invoke a simple XSS on DMCA-dot-com\" title=\"The code needed to invoke a simple XSS on DMCA-dot-com\" height=\"585\" width=\"537\"><\/p>\n<p class=\"text_center\">The code needed to invoke a simple XSS on DMCA-dot-com<\/p>\n<\/div>\n<p>He went public with his findings after a year spent trying and failing to get the interest of DMCA-dot-com&#8217;s operators when he first found the vuln in late 2020.<\/p>\n<p>&#8220;Our development team will be reaching out if \/ when they need to. Our support department cannot help you on this,&#8221; said the last message sent to Ossi by DMCA-dot-com as he tried to get uninterested helpdesk folk to pass along his vuln report.<\/p>\n<p>While he asked for a bug bounty, <i>El Reg<\/i> confirmed that Ossi had made full private disclosure of his findings before raising the question of payment.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Both Ossi and <i>The Register<\/i> made multiple attempts to contact DMCA-dot-com. In our case the company didn&#8217;t even acknowledge our efforts to get in touch.<\/p>\n<div class=\"CaptionedImage Center Border\" readability=\"7\"><a href=\"https:\/\/regmedia.co.uk\/2022\/02\/01\/dcma_com_emails.jpg\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2022\/02\/01\/dcma_com_emails.jpg?x=648&amp;y=648&amp;infer_y=1\" alt=\"Support tickets raised by Ossi with DMCA-dot-com's helpdesk\" title=\"Support tickets raised by Ossi with DMCA-dot-com's helpdesk\" height=\"648\" width=\"648\"><\/a><\/p>\n<p class=\"text_center\">Support tickets raised by Ossi with DMCA-dot-com&#8217;s helpdesk in September 2020<\/p>\n<\/div>\n<p>While he may have been the first, Ossi isn&#8217;t the only researcher to find the XSS vulns in DMCA-dot-com. Two separate entries on the Open Bug Bounty site show XSS vulns in DMCA, one dating <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.openbugbounty.org\/reports\/2069856\/\">from April<\/a> last year and the other <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.openbugbounty.org\/reports\/2069856\/\">from June<\/a>.<\/p>\n<p>As <em>Reg<\/em> readers know, cross-site scripting vulnerabilities let a malicious person execute scripts on somebody else&#8217;s website. As explained <a target=\"_blank\" href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\" rel=\"noopener\">by MITRE<\/a>, the flaw typically exists because free text entry forms don&#8217;t sanitise user inputs.<\/p>\n<p>&#8220;The most common attack performed with cross-site scripting involves the disclosure of information stored in user cookies,&#8221; says MITRE. &#8220;Typically, a malicious user will craft a client-side script, which \u2013 when parsed by a web browser \u2013 perform, some activity (such as sending all site cookies to a given E-mail address).&#8221;<\/p>\n<p>Harvesting active login tokens from cookies could give an attacker access to your account on DMCA-dot-com. Ossi told us it wouldn&#8217;t take much to falsely run up billable services, remove DMCA-dot-com&#8217;s protection features from a given webpage or close an account.<\/p>\n<p>Jake Moore, global cybersecurity advisor to infosec firm ESET, told <i>The Register<\/i>: &#8220;Cross-site scripting vulnerabilities can allow an attacker to masquerade as a standard user and carry out any actions that the user is able to perform such as access the user&#8217;s data. User accounts can then ultimately be compromised and credentials or other information could be stolen with great ease.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Immersive Labs&#8217; app security specialist Sean Wright added: &#8220;Despite the fact they have been a part of the attacker toolkit for some time, many still underestimate the risks from XSS vulnerabilities. However, they are effectively client side remote code execution vulnerabilities. In the right circumstances, and combined with tools such as the Browser Exploitation Framework, XSS vulnerabilities give an attacker almost complete control of a browser. Ultimately, this could lead to redirects to malicious sites and even performing actions on behalf of the user.&#8221;<\/p>\n<p>It is to be hoped that someone responsible at DMCA-dot-com pays attention to this year-and-a-half-old vuln disclosure. If it&#8217;s been around this long, somebody might be using it to do something bad. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2022\/02\/02\/dmca_com_live_xss_flaw\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researcher tells world after being stonewalled There is a live cross-site scripting (XSS) vulnerability in takedowns website DMCA-dot-com&#8217;s user interface. It&#8217;s existed for more than a year and the site&#8217;s operators don&#8217;t appear to be interested in fixing it.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-45104","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-02T10:15:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off\",\"datePublished\":\"2022-02-02T10:15:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/\"},\"wordCount\":707,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/\",\"name\":\"DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2022-02-02T10:15:10+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/","og_locale":"en_US","og_type":"article","og_title":"DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-02-02T10:15:10+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off","datePublished":"2022-02-02T10:15:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/"},"wordCount":707,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/","url":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/","name":"DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2022-02-02T10:15:10+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YfppmQ6FyxZza4H4yXu@gQAAAJc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/dmca-dot-com-xss-vuln-reported-in-2020-still-live-today-and-firm-has-shrugged-it-off\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"DMCA-dot-com XSS vuln reported in 2020 still live today and firm has shrugged it off"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=45104"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/45104\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=45104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=45104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=45104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}