Skype videomood Cross Site Scripting
Source: snapvoip.blogspot.com
Skype videomood Cross Site Scripting (XSS), Miroslav Lučinskij, Critical Security, Lithuania, Vilnius is reporting about Skype videomood XSS at insecure.org.
"The team were able to find some permanent XSS vectors in dailymotion.com: videos have a ‘Title’ field, which is not properly filtered and returned to user in certain conditions. So it becomes possible to execute malicious script content when user is searching for a video to add to his mood. You may also test it by entering word ’saugumas’ in dailymotion.com video search field. "
Larger Screenshots are available here: http://www.critical.lt/?opinions/show/1470
