A cross-site scripting vulnerability was reported today on the Google Account page. Link to the Xssed.com report: http://www.xssed.com/mirror/25472/
According to the Web site's database, the issue is fixed already. Good!
The vulnerability made it possible to generate a JS pop-up window and put HTML code on the Google Account log-in page.
According to this Full-Disclosure mailing list post, this vulnerability affects Gmail.
Title: Gmail 0day, posted by the same person who reported it to Xssed.com:
http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0181.html
Thanks for sharing this. Yeah, the replies posted to full-disclosure confirmed this during Friday too.