SC Magazine: A persistent cross-site scripting (XSS) vulnerability in a popular site that hosts video content enabled an attacker to carry out a distributed denial-of-service (DDoS) attack against a different site, according to California-based website security company Incapsula, which helped mitigate the Thursday attack.
The video content website is one of the largest and most popular and sits in the Alexa top 50, according to a Thursday post by Ronen Atias, a security researcher with Incapsula, who explained that the name of the popular video site and the name of the DDoS target could not be revealed.
http://www.scmagazine.com/xss-vulnerability-in-popular-video-site-enables-unique-ddos-attack/article/341453/