Google fixes cross-site scripting vulnerability in YouTube comments


Recommended Posts

5 July 2010, 14:00

Google fixes cross-site scripting vulnerability in YouTube comments

Over the weekend, unknown perpetrators added comments containing HTML code to a number of videos on YouTube. The HTML code was then executed in visitors' browsers. According to several US media reports, videos by young singer Justin Bieber in particular were targeted by the attacks.

According to one report, the comments caused pop-ups containing insulting messages to open and also opened additional (adult) web pages. It's not clear whether these web pages also led to malware-infected web sites and infected users' PCs. Some German bloggers also fell victimGerman language link) to the XSS attacks, with unknown perpetrators placing moving text across the screen using the marquee HTML tag.

(

Details here: http://www.h-online.com/security/news/item/Google-fixes-cross-site-scripting-vulnerability-in-YouTube-comments-1032988.html

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...