Google Notebook and Google Bookmarks Multiple Unspecified Cross-Site Scripting Vulnerabilities

Bugtraq ID:	30574
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Aug 06 2008 12:00AM
Updated:	Aug 06 2008 08:06PM
Credit:	Alfredo Melloni
Vulnerable:	Google Notebook 0 Google Bookmarks 0
Not Vulnerable:

Google Notebook and Google Bookmarks Multiple Unspecified Cross-Site Scripting Vulnerabilities

Google Notebook and Google Bookmarks are prone to multiple unspecified cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Google Notebook and Google Bookmarks Multiple Unspecified Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.

Google Notebook and Google Bookmarks Multiple Unspecified Cross-Site Scripting Vulnerabilities

Solution:
The reporter indicates that Google has fixed these vulnerabilities, but Symantec was not able to confirm this information.

Google Notebook and Google Bookmarks Multiple Unspecified Cross-Site Scripting Vulnerabilities

References:

• Vendor Homepage (Google)
  
• Google Notebook and Google Bookmarks Cross Site Scripting Vulnerabilities ([email protected])