In a proof of concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs. David moose Wolpoff at Randori explains how hackers pick their targets, and how understanding hacker logic can help prioritize defenses. Read the full article in “Threatpost Today”” by Threatpost.com/researchers.com.”
Source: https://threatpost.com/twitter-google-calendar-open-xss-holes-010410/73314/