Nir Goldshlager, a security researcher and penetration tester, discovered XSS vulnerabilities in Twitter and Google Calendar that attackers can exploit to steal cookies and session IDs, which could lead to account hijacking.
Another security issue is a vulnerability that allows HTML injection, which can be used to redirect users to malicious sites.
According to eWeek, Twitter and Google were notified about these security issues. Twitter has already issued a fix, while Google is still looking into the matter. In the meantime, Google said it does not think the danger is great.
“Trying to trick someone into copying unfamiliar, suspicious code into a Google Calendar text field is neither a likely attack vector nor one that we are seeing being exploited,” they said.