
 New critical XSS vulnerabilities reported for Skype and Vodafone web sites

Written by DP

Monday, 31 May 2010

Apparently Skype.com security staff (@skypesecurity) are still investigating the cross-site scripting vulnerability that was submitted earlier last week to our archive by security researcher "Xylitol":
 
 
Real damage could be done in such a short timeframe, and XSS bugs are not rocket science when it comes to fixing them. So why all this delay, and what is there to investigate here? The few unfiltered variables in the page's source code? Overall testing should be performed after the immediate remediation of publicly known security issues.
 
Two more Skype.com XSS vulnerabilities were reported by "Mystick":

 
 
 
 
Additionally, six more XSS vulnerabilities affecting regional Vodafone web sites were reported by "Azat Harutyunyan":
 