
Reddit XSS worm spreads

UPDATE: Reddit has posted a blog entry at http://blog.reddit.com/2009/09/we-had-some-bugs-and-it-hurt-us.html addressing this.

"Popular social news website Reddit has stopped the spread of a cross-site scripting (XSS) worm that hit the site on Monday.

The XSS worm spread via comments on the site, originally from the account of a user called xssfinder.

Reddit failed to filter out JavaScript in some cases, specifically when a user hovered his or her mouse over a link, a factor the miscreants behind xssfinder's account exploited to run a proof of concept attack." - TheRegister

Read more: http://www.theregister.co.uk/2009/09/28/reddit_xss_worm/
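The quoted report says JavaScript got through on a link's hover event. As an added example (not Reddit's code and not from the article), here is an allow-list filter for comment HTML that drops every attribute it does not explicitly permit. The page does not show the markup involved, so an inline handler attribute such as `onmouseover` is assumed; the tag list, scheme list and sample comment are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example: tags and attributes a comment may contain.
ALLOWED = {"a": {"href", "title"}, "em": set(), "strong": set(), "p": set()}
SCHEMES = {"http", "https"}

def href_ok(value):
    try:
        return urlsplit(value.strip()).scheme.lower() in SCHEMES
    except ValueError:  # malformed URL: treat as unsafe
        return False

class CommentSanitizer(HTMLParser):
    """Rebuild comment HTML from an allow-list; anything unlisted is dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.dropped.append(f"<{tag}>")
            return
        kept = []
        for name, value in attrs:  # names arrive lower-cased, values entity-decoded
            value = value or ""
            if name not in ALLOWED[tag] or (name == "href" and not href_ok(value)):
                self.dropped.append(f"{tag}@{name}")  # e.g. a@onmouseover
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize_comment(html_text):
    """Return (safe_html, dropped) so removals can be logged or alerted on."""
    parser = CommentSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.dropped

# Constructed sample comment, not the payload used against Reddit.
SAMPLE = '<p>nice <a href="http://example.com/" onmouseover="alert(1)">link</a></p>'
```

Because the output is rebuilt from permitted names rather than by stripping known-bad strings, a handler attribute the filter author never thought of is dropped by default, and the `dropped` list gives a signal to log when a comment carried one.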



You can find a good explanation of XSS here: http://www.applicure.com/answers/cross_site_scripting/What-is-XSS.html