Sign In »
Register Now!
Help
Quote
5 July 2010, 14:00
Google fixes cross-site scripting vulnerability in YouTube comments
Over the weekend, unknown perpetrators added comments containing HTML code to a number of videos on YouTube. The HTML code was then executed in visitors' browsers. According to several US media reports, videos by young singer Justin Bieber in particular were targeted by the attacks.
According to one report, the comments caused pop-ups containing insulting messages to open and also opened additional (adult) web pages. It's not clear whether these web pages also led to malware-infected web sites and infected users' PCs. Some German bloggers also fell victimGerman language link) to the XSS attacks, with unknown perpetrators placing moving text across the screen using the marquee HTML tag.
Google fixes cross-site scripting vulnerability in YouTube comments
Over the weekend, unknown perpetrators added comments containing HTML code to a number of videos on YouTube. The HTML code was then executed in visitors' browsers. According to several US media reports, videos by young singer Justin Bieber in particular were targeted by the attacks.
According to one report, the comments caused pop-ups containing insulting messages to open and also opened additional (adult) web pages. It's not clear whether these web pages also led to malware-infected web sites and infected users' PCs. Some German bloggers also fell victimGerman language link) to the XSS attacks, with unknown perpetrators placing moving text across the screen using the marquee HTML tag.
Details here: http://www.h-online....ts-1032988.html
Back to top
MultiQuote