Thursday, August 27, 2009

Twitter XSS vulnerability not yet fixed - SC Magazine US

Twitter XSS vulnerability not yet fixed - SC Magazine US: "A major cross-site-scripting vulnerability in Twitter that could result in a user's account being taken over has yet to be fixed despite Twitter's claim that it has, according to the software developer who discovered the bug.

James Slater first described the vulnerability, which allows malicious JavaScript code to be inserted into tweets, Tuesday on the blog of Dave Naylor, a search marketing executive.

Twitter's application programming interface (API), used by developers to create applications to post tweets -- such as TweetDeck, TwitterFox or HootSuite -- does not properly filter the URL of these programs. As a result, users could actually insert malicious JavaScript code along with a URL."
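The defect the article describes is a classic output-encoding failure: the application URL attached to a tweet is interpolated into the page markup as-is. The following is an added illustration (not code from Twitter, SC Magazine, or the researcher) of that rendering pattern next to a hardened version; the tweet and "source" field layout, the sample values and the function names are all constructed for this example.

```python
import html
from urllib.parse import urlsplit

# Constructed sample tweets, shaped like a feed renderer might receive from an API.
# "source_url" is the posting application's URL, which the article says was not filtered.
SAMPLE_TWEETS = [
    {"text": "hello", "source_name": "TweetDeck", "source_url": "https://tweetdeck.com/"},
    # Constructed hostile value: markup where a URL belongs (hypothetical, not a real app).
    {"text": "hi", "source_name": "Evil", "source_url": '"><script>alert(1)</script>'},
    # Constructed: a well-formed https URL that still tries to break out of the attribute.
    {"text": "hey", "source_name": "x", "source_url": 'https://a.com/" onmouseover="alert(1)'},
]

def render_source_link_vulnerable(name, url):
    """Vulnerable pattern: untrusted values dropped straight into HTML."""
    return '<a href="%s">%s</a>' % (url, name)

def safe_url(url):
    """Scheme allow-list: keep only absolute http(s) URLs, otherwise return '#'."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return url
    return "#"

def render_source_link(name, url):
    """Hardened: allow-listed scheme AND attribute/text encoding of every untrusted value.

    The allow-list alone is not enough (see the third sample); the encoding step is
    what keeps a double quote inside the URL from terminating the href attribute.
    """
    href = html.escape(safe_url(url), quote=True)
    return '<a href="%s" rel="noopener">%s</a>' % (href, html.escape(name))

def render_feed(tweets, renderer=render_source_link):
    """Render each tweet as '<p>text via <a ...>app</a></p>' using the given link renderer."""
    return "\n".join(
        "<p>%s via %s</p>" % (html.escape(t["text"]), renderer(t["source_name"], t["source_url"]))
        for t in tweets
    )
```

Running `render_feed(SAMPLE_TWEETS, render_source_link_vulnerable)` shows the injected markup surviving into the page; the default renderer neutralises all three samples.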
