Breaking News

PlayStation Plus Game Catalog for August 2025 Arctic announces Xtender PC case Samsung Launches World’s First 500Hz OLED Gaming Monitor and New Odyssey G7 Lineup Razer Unveils Wolverine V3 Pro 8K PC controller XPG Launches the Industry-leading RGB Gen4 SSD – SPECTRIX S65G

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Youtube Hit By Code Injection Attack

Youtube Hit By Code Injection Attack

Enterprise & IT Jul 5,2010 0

YouTube was hit by a persistent cross-site scripting (XSS) vulnerability which affects YouTube's comment field. Malicious JavaScript was inserted into user's comments by exploiting a XSS flaw. The bug was abused by unnamed attackers to poison the comments on multiple videos.

Researchers from a Romanian security team (InSecurityRomania) have revealed the vulnerability first.

Google has corrected the issue now but it is possible that malicious users have already exploited it to redirect unwitting YouTube users watching videos to drive-by download pages in order to infect them with malware, adware and spyware.

Cross-site scripting (XSS) vulnerabilities is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.

Experts distinguish between at least two primary flavors of XSS: non-persistent and persistent.

The non-persistent (or reflected) cross-site scripting vulnerability is by far the most common type. For example, a non-persistent XSS vulnerabilitie in Google could allow malicious sites to attack Google users who visit them while logged in.

The persistent XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. For example, a persistent cross-zone scripting vulnerability coupled with a computer worm allowed execution of arbitrary code and listing of filesystem contents via a QuickTime movie on MySpace.

Tags: YouTubeVirus
Previous Post
Sony Introduces Slim PS3 in Japan
Next Post
E-books Still Slower Than Reading Print, Study Says

Related Posts

  • YouTube TV adds premium 4K package, 5.1 surround sound

  • Youtube Targets TV Advertisers With YouTube Select

  • YouTube Announces New Ad Tools For TV-Based Content

  • YouTube Fact-Check Coming to U.S.

  • Google to Launch Free YouTube Video Builder

  • YouTube to Lower Video Quality Around the World

  • YouTube to Lower Streaming Quality in Europe to Offload Internet Networks

  • How Google Handles Coronavirus Misinformation on Search, YouTube

Latest News

PlayStation Plus Game Catalog for August 2025
Gaming

PlayStation Plus Game Catalog for August 2025

Arctic announces Xtender PC case
Cooling Systems

Arctic announces Xtender PC case

Samsung Launches World’s First 500Hz OLED Gaming Monitor and New Odyssey G7 Lineup
Gaming

Samsung Launches World’s First 500Hz OLED Gaming Monitor and New Odyssey G7 Lineup

Razer Unveils Wolverine V3 Pro 8K PC controller
Gaming

Razer Unveils Wolverine V3 Pro 8K PC controller

XPG Launches the Industry-leading RGB Gen4 SSD – SPECTRIX S65G
PC components

XPG Launches the Industry-leading RGB Gen4 SSD – SPECTRIX S65G

Popular Reviews

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Terramaster F8-SSD

Terramaster F8-SSD

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed