Channel.facebook.com cross-site-scripting (XSS) vulnerability by Edgard Chammas
Security researcher Edgard Chammas, has submitted on 02/04/2011 a cross-site-scripting (XSS) vulnerability affecting 1.61.channel.facebook.com, which at the time of submission ranked 2 on the web according to Alexa. It is currently unfixed.
Link : https://1.61.channel.facebook.com/iframe/11?r=https://static.ak.fbcdn.net/rsrc.php/1.js%22%3E%3C/script%3E%3Cscript%3Ealert(%22The%20Hacker%20News%22)%3C/script%3E%3Cscript%3E

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.