Google Groups vulnerable to cross-site scripting
Written by DP
Sunday, 27 April 2008
Update: This was fixed a few hours after the disclosure! Again, congratulations to Google!
mox has discovered a critical XSS (script insertion) vulnerability in Google Groups [Mirror]:
It could be used by malicious people to steal cookies, to display a fake Google Groups login form that phishes cleartext authentication credentials, and to infect Google users with malware, adware and spyware.
It should be noted that Google fixed 2 recent XSS vulnerabilities very quickly. We hope this one will be resolved later today...