A security researcher has uncovered a security hole in Amazon’s Kindle Library that could lead to cross-site scripting (XSS) attacks and account compromises. The flaw affects the “Manage Your Content and Devices” and ‘Manage your Kindle’ services in the web-based Kindle Library. It could allow a hacker to inject and hide malicious lines of code into into e-book metadata, such as the title text of an eBook, in order to compromise the security of your Amazon account. The vulnerability was originally discovered by German security researcher Benjamin Daniel Mussler in October last year and was subsequently fixed by Amazon in December.
Source: https://thehackernews.com/2014/09/malicious-kindle-ebook-lets-hackers.html