New critical XSS vulnerabilities reported for Skype and Vodafone web sites

Written by DP

Monday, 31 May 2010

Apparently security staff (@skypesecurity) are still investigating the cross-site scripting vulnerability that was submitted earlier last week to our archive by security researcher "Xylitol":
Real damage could be done in such a short timeframe, and XSS bugs really are not rocket science when it comes to fixing them. So why all this delay, and what is there to investigate here? The few unfiltered variables in the page's source code? Overall testing should be performed after the immediate remediation of publicly known security issues.
Two more XSS vulnerabilities were reported by "Mystick":

Additionally, six more XSS vulnerabilities affecting regional Vodafone web sites were reported by "Azat Harutyunyan":