Facebook, Yelp Instant Personalization Has Holes

Author: Donald Sears

May 11, 2010 3:19 pm

A now-closed Facebook exploit took advantage of cross site scripting to inject malicious code into Yelp. Normally such an attack wouldn’t have particularly broad implications for Facebook users, but Yelp is one of the three sites that have been deemed fit for Facebook’s highly controversial Instant Personalization feature. Read the full article. [TechCrunch]

A now-closed Facebook exploit took advantage of cross site scripting to inject malicious code into Yelp. Normally such an attack wouldn’t have particularly broad implications for Facebook users, but Yelp is one of the three sites that have been deemed fit for Facebook’s highly controversial Instant Personalization feature. Read the full article. [TechCrunch]

Suggested articles

QNAP NAS system XSS flaw

QNAP High-Severity Flaws Plague NAS Systems

The high-severity cross-site scripting flaws could allow remote-code injection on QNAP NAS systems.

Bug-Bounty Awards Spike 26% in 2020

The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify.

facebook tech support scam

Facebook, News and XSS Underpin Complex Browser Locker Attack

An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam.