Cross-site scripting vulnerability in TweetDeck's ChromeDeck
Chrome TweetDeck, the browser-based version of the TweetDeck Twitter client, has been found to contain a cross-site scripting (XSS) vulnerability. The Chrome TweetDeck application, also known as ChromeDeck, would execute scripts placed within <script> tags in tweets (Twitter messages).
For example, the discoverers found that the text <script>alert('Scanned')</script> in a tweet popped up a dialog box with "Scanned" displayed as the text, indicating it had run the JavaScript. The hole has now been closed and an update has been released to ChromeDeck users, who should install it as soon as possible. TweetDeck was recently acquired by Twitter.
(djwm)
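
The class of bug described above, shown as an added example that is not part of the original article and is not ChromeDeck's code: a tweet renderer that places the text into markup unchanged, next to one that escapes it before adding its own link markup. The function names, the tweet object shape and the sample tweets are assumptions made for illustration.

```javascript
// Hypothetical tweet renderer (illustration only, not ChromeDeck's code).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace every character that can open a tag, attribute or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the tweet text reaches the page as markup, so a <script>
// element inside a tweet becomes part of the document.
function renderTweetUnsafe(tweet) {
  return '<p class="tweet"><b>' + tweet.user + '</b> ' + tweet.text + '</p>';
}

// Hardened: escape first, then add only markup the renderer itself generates.
// Order matters: linkifying before escaping would either destroy the links
// or let attacker-supplied characters break out of the href attribute.
function renderTweetSafe(tweet) {
  const escaped = escapeHtml(tweet.text);
  const linked = escaped
    .replace(/\bhttps?:\/\/[^\s<>"']+/g,
      (url) => `<a href="${url}" rel="noopener noreferrer">${url}</a>`)
    .replace(/(^|\s)@(\w{1,15})/g, '$1<a href="https://twitter.com/$2">@$2</a>');
  return `<p class="tweet"><b>${escapeHtml(tweet.user)}</b> ${linked}</p>`;
}

// Constructed sample tweets: the test string quoted in the article, and an
// ordinary tweet with a mention and a URL containing "&".
const SAMPLE_TWEETS = [
  { user: 'example_user', text: "<script>alert('Scanned')</script>" },
  { user: 'example_user', text: 'hi @other_user see http://example.com/?a=1&b=2' },
];

function demo() {
  return SAMPLE_TWEETS.map((t) => ({
    unsafe: renderTweetUnsafe(t),
    safe: renderTweetSafe(t),
  }));
}

for (const row of demo()) {
  console.log('unsafe:', row.unsafe);
  console.log('safe:  ', row.safe);
}
```

Where the text is only ever displayed, assigning it to a DOM node's textContent avoids building HTML strings at all.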