UPDATED - Domo Arigato: White hat reports vulnerability on Mr. Robot website
Call it an unintentional meta-reference: a promotional website for the computer hacker drama Mr. Robot was found to contain an actual XSS vulnerability.
It couldn't have been scripted any better. The new promotional website for season two of the USA Network's computer hacking drama Mr. Robot required an emergency patch after a white-hat hacker discovered a cross-site scripting (XSS) vulnerability, according to a report from Forbes.com.
The hacker, who goes by the palindromic alias Zemnmez, emailed series creator Sam Esmail to report the XSS flaw.
UPDATE 5/17: Another hacker who goes by the online alias Corenumb has blogged about finding a blind SQL injection vulnerability on the same Mr. Robot website after attempting to register an email address. The hacker reported the issue to the USA Network's parent company NBCUniversal, which patched the flaw just as it did in the previous instance.