Google slams the door on XSS flaw

by admin January 17, 2007 at 3:38 am

‘Stop cookie thief!’

Google has patched a cross-site scripting (XSS) vulnerability in one of its web-hosting services.

If left unpatched, the vulnerability could have allowed hackers to modify third-party Google documents and spreadsheets, and view mail subjects and search history, according to the Google Blogoscoped blog.

Philipp Lenssen, the author of Google Blogoscoped – a third-party site that comments on Google developments – said the flaw was similar to another vulnerability in Blogger Custom Domains, reported at the weekend.

