Cross-site scripting security issue (XSS vulnerability) has been reported today targeting YouTube.
=NOTE=: A clickable test link included to the report link below, don't click the YouTube link there if you don't want to test the issue. The recent report is available at http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059138.html
ant it was sent to non-moderated security mailing list. If you want you cant test the case with MSIE, Firefox, Opera and Safari.
The person behind the case is Michal Majchrowicz.
|
On Monday 17th Dec it was reported on the mailing list that the vulnerability was fixed quickly – after disclosing on mailing list.
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059168.html |