May 29, 2011

Cross-site scripting vulnerability in TweetDeck’s ChromeDeck

Chrome TweetDeck, the browser-based version of the Tweetdeck Twitter client, has been found to be suffering from a cross-site scripting vulnerability (XSS). It was discovered that the Chrome TweetDeck application, also known as ChromeDeck, would execute scripts placed within <script> tags in tweets (Twitter messages).
For example, the discoverers found that the text


Solution is update the new version of Chrome TweetDeck.

No comments: