According to the following posting to widely known Bugtraq security mailing list Google Security Team informs that it has fixed XSS-type (Cross Site Scripting) security issue in orkut.com service: http://www.securityfocus.com/archive/1/434555/30/30/threaded
Mr. Cory Altheide from security team also reminds that as part of responsible disclosure policy is to contact Google via security (at) google (dot) com.
Original posting about the XSS vulnerability included to URL mentioned. |