In association with heise online

29 May 2011, 13:58

Cross-site scripting vulnerability in TweetDeck's ChromeDeck

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

TweetDeck logo

Chrome TweetDeck, the browser-based version of the Tweetdeck Twitter client, has been found to be suffering from a cross-site scripting vulnerability (XSS). It was discovered that the Chrome TweetDeck application, also known as ChromeDeck, would execute scripts placed within <script> tags in tweets (Twitter messages).

For example, the discoverers found that the text <script>alert('Scanned')</script> in a tweet popped up a dialog box with "Scanned" displayed as the text, indicating it had run the JavaScript. The hole has now been closed and an update has been released to ChromeDeck users who should install it as soon as possible. TweetDeck was recently acquired by Twitter.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit