Two Indian security researchers have found a serious Cross Site Scripting vulnerability in Tumblr. The vulnerability could be used to steal cookies of authenticated users and make a worm. Tumblr is one of the most popular social networking websites worldwide, and is ranked 37th by Alexa. Researchers Aditya Gupta (@adi1391) and Subho Halder (@sunnyrockzzs) have released the vulnerability.Tumblr is the 37th most popular website in the world, ranked 37 by Alexa, with no response from the company.
Source: https://thehackernews.com/2012/06/serious-tumblr-cross-site-scripting.html