Google Blogoscoped

Forum

Cross-site scripting vulnerability now on Google

Juha-Matti Laurio [PersonRank 10]

Thursday, November 8, 2007
16 years ago2,562 views

Cross-site scripting vulnerability was reported today on Google Account page.
Link to the report of Xssed.com:
http://www.xssed.com/mirror/25472/

According to the Web site's database the issue is fixed already. Good!

The vulnerability enabled to generate a JS pop-up window and put HTML code on the Google Account log-in page.

Juha-Matti Laurio [PersonRank 10]

16 years ago #

According to this Full-Disclosure mailing list post this vulnerability affects to Gmail.

Title: Gmail 0day, posted by the same person who reported it to Xssed.com:

http://archives.neohapsis.com/archives/fulldisclosure/2007-11/0181.html

TOMHTML [PersonRank 10]

16 years ago #

it has been fixed too

Juha-Matti Laurio [PersonRank 10]

16 years ago #

Thanks for sharing this. Yeah, the replies posted to full-disclosure have confirmed this during the Friday too.

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!