Experts Find DOM-Based XSS Vulnerability in

Minded Security researchers have found another flaw by using DOMinatorPro

Security researchers from Minded Security have identified a document object model (DOM)-based cross-site scripting (XSS) vulnerability on

The security hole has been identified with the aid of DOMinatorPro - a runtime JavaScript DOM XSS analyzer.

According to the researchers, DOMinatorPro revealed a piece of code in /pagead/landing.js which used unvalidated input to build the argument for two “document.write” calls.

They found that the buggy JavaScript had been utilized by (both HTTP and HTTPS).

“[This] means that one more time a (almost) 3rd party script introduces a flaw in the context of an unaware domain,” Minded Security’s Stefano Di Paola explained.

Di Paola suggested one workaround, but Google decided to address this issue by removing the problematic script altogether.

Unlike the traditional XSS vulnerabilities that occur in the server-side code, DOM-based XSS affects the script code in the client’s browser.
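The pattern described above, client-side script passing unvalidated input to document.write, is sketched below as an added example; it is not the code of /pagead/landing.js, which the article does not reproduce. The `dest` parameter, the function names and the URLs are assumptions made for illustration, and each builder returns the string a page script would hand to document.write.

```javascript
// Added example with hypothetical names; not code from /pagead/landing.js.

// Vulnerable pattern: a URL parameter is concatenated into markup unchanged.
function buildMarkupUnsafe(pageUrl) {
  const dest = new URL(pageUrl).searchParams.get('dest') || '';
  return '<a href="' + dest + '">Continue</a>';
}

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: validate the value as an http(s) URL, then encode it
// for the HTML attribute context it is written into.
function buildMarkupSafe(pageUrl) {
  const raw = new URL(pageUrl).searchParams.get('dest') || '';
  let parsed;
  try {
    parsed = new URL(raw);
  } catch (e) {
    return ''; // not an absolute URL: write nothing
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return ''; // any scheme other than http/https is rejected
  }
  return '<a href="' + escapeHtml(parsed.href) + '">Continue</a>';
}

// Number of tag openings in the generated markup; a single link has two.
function countTagOpenings(html) {
  return (html.match(/</g) || []).length;
}

// Constructed sample inputs (not taken from the advisory).
const base = 'https://site.example/landing?dest=';
const benignUrl = base + encodeURIComponent('https://shop.example/a?b=1&c=2');
const taintedUrl = base + encodeURIComponent('https://shop.example/"><i>injected</i>');
const schemeUrl = base + encodeURIComponent('javascript:void(0)');

console.log(buildMarkupUnsafe(taintedUrl)); // extra <i> element appears in the markup
console.log(buildMarkupSafe(taintedUrl));   // value stays inside the href attribute
console.log(buildMarkupSafe(benignUrl));
```

In a real page the safer route is to avoid document.write altogether and set the value through DOM properties such as `element.href` after the same scheme check.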
