Google fixes XSS hitch

Google has fixed a cross-site scripting (XSS) vulnerability in one of its web-hosting services.

  • E-Mail
By  Administrator Published  January 25, 2007

Google has fixed a cross-site scripting (XSS) vulnerability in one of its web-hosting services.

The vulnerability could have enabled hackers to modify third-party the search engine provider's documents and spreadsheets, a Cnet report said citing Google Blogoscoped, a blog which comments on Google developments.

"The security hole is connected to an update to a specific Google service which doesn't correctly defend against HTML injections," Philipp Lenssen, author of the blog, said. In a statement to Cnet, Google said it was aware of and had resolved the problems.

"Google was alerted to these issues, and we worked quickly to fix the problems, which have been resolved," the statement said. "We have not received any reports of user data being compromised."

Google recently added a page to its web site thanking people and organisations for notifying it of security vulnerabilities.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code