Mirza Burhan Baig is the one who reported the security hole

Apr 6, 2013 18:11 GMT

Security expert Mirza Burhan Baig, of BlackBitz.net, has identified a DOM-based cross-site scripting (XSS) vulnerability on the official Skype website. 

According to the expert, he reported the security hole to Microsoft in late December 2012. The company informed the researcher that the flaw had been fixed sometime in March.

For his efforts, Microsoft listed the researcher on its “Security Researcher Acknowledgments for Microsoft Online Services” page. This is the third time Mirza Burhan Baig has been listed in the Redmond company’s “hall of fame.”

Previously, the expert identified similar vulnerabilities on Apple’s “Find Locations” website (locate.apple.com) and on Microsoft’s official “Surface” webpage.

OWASP recommends that webmasters test their sites for DOM XSS vulnerabilities using testing tools such as DOMinator from Minded Security, or DOM Snitch, an experimental Chrome extension.