Researcher Uncovers Twitter, Google Calendar Security Vulnerabilities

A security researcher uncovered some holes in Google Calendar and Twitter that may allow an attacker to steal cookies and user session IDs…

A security researcher has uncovered vulnerabilities in Twitter and Google Calendar that could put users at risk.

In a proof-of-concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs. He also uncovered an HTML injection issue affecting Google Calendar as well that he said could be used to redirect a victim to an attack site anytime the user viewed his or her Google Calendar agenda events….

For complete article from eweek, click