Google Groups vulnerable to cross-site scripting

Written by DP

Sunday, 27 April 2008

Update: This was fixed a few hours after the disclosure! Again, congratulations to Google!

mox has discovered a critical XSS (script insertion) vulnerability in Google Groups [Mirror].

It could be used by malicious people to steal cookies, to display a fake Google Groups login form that phishes cleartext authentication credentials, and to infect Google users with malware, adware and spyware.

It should be noted that Google fixed 2 recent XSS vulnerabilities very quickly. We hope this one will be resolved later today...
