Persistent XSS Vulnerability Found on Tumblr (Updated)

Updated on: 2012-07-16
Security researcher Riyaz Ahemed Walikar has identified a persistent cross-site scripting (XSS) vulnerability on the popular microblogging platform Tumblr.

XSS flaws are very common on websites these days, but most of them are non-persistent and, by implication, less dangerous.

“XSS can cause a lot of serious problems. An attacker can steal cookies, redirect users to fake or malicious sites, control a user's browser using automated frameworks like BeEF and download and execute exploits on the victim's computer,” Walikar explained.

“Stored XSS is even more dangerous since the script is stored on the server and is executed every time a user visits an infected page.”

According to the expert, Tumblr was notified of the issue more than three weeks ago, but so far the website's representatives have failed to address it. Walikar says that he will publish more technical details on the security hole in the coming period.

Update. Walikar has told Softpedia that the persistent XSS vulnerability has been addressed by Tumblr. The technical details are available on his blog.

