google-site-verification: google30a059f9a075f398.html

Google Warns DoubleClick Customers of XSS Flaws

Cyberwisdom commentary:

Google has warned their DoubleClick customers that some of the files provided by third-party vendors through their advertising platform may introduce cross-site scripting (XSS) vulnerabilities.

The tech giant shares a list of more than a dozen advertising companies whose files are vulnerable to XSS attacks. Google advises site owners and administrators to check for the existence of these files on their servers (usually in the root domain) and delete them.

“If possible, disable these vendors for all DoubleClick for Publishers and DoubleClick Ad Exchange customers, but any file hosted on your site may still be at risk and should be removed.Google said we will let you know as we learn more .

Cross-site scripting (XSS) vulnerabilities come from their iframe buster kit, which includes multiple HTML and JavaScript files that need to be hosted in the customer’s domain. Some of these files contain XSS vulnerabilities that allow an attacker to execute arbitrary JavaScript code in the context of a user’s browser by having the victim click a specially crafted link.

 

Read the article for more interesting facts…

Google has warned DoubleClick customers that some of the files provided by third-party vendors through its advertising platform can introduce cross-site scripting (XSS) vulnerabilities.
read more… Engaging post, Read More…

thumbnail courtesy of securityweek.com

If you like to receive more of these curated news alerts then subscribe to my mailing list.

Add a Comment

Your email address will not be published. Required fields are marked *