Salesforce plugs silly website XSS hole, hopes nobody spotted it

by
from The Register on (#HCHV)
Story ImageWeb development 101: Thou shalt stop thy users from inputting JavaScript

A cross-site scripting (XSS) vulnerability on Salesforce's website might have been abused to pimp phishing attacks or hijack user accounts. Fortunately the bug has been resolved, apparently before it caused any harm."

External Content
Source RSS or Atom Feed
Feed Location http://www.theregister.co.uk/headlines.atom
Feed Title The Register
Feed Link https://www.theregister.com/
Feed Copyright Copyright © 2026, Situation Publishing
Reply 0 comments