Google patches XSS security flaw

Google has patched a cross site scripting (XSS) vulnerability in one of its web hosting services. If left unpatched, the vulnerability could have allowed hackers to modify third party Google documents and spreadsheets, and view mail subjects and search history, according to the Google Blogoscoped blog.

Philipp Lenssen, the author of Google Blogoscoped, a third-party site that comments on Google developments, said the vulnerability was similar to another vulnerability in Blogger Custom Domains reported on Sunday night. Google patches XSS security flaw - ZDNet UK

Linked by shanmuga Tuesday, 16th January 2007 11:56PM