Google Patches XSS Vulnerability in Website Optimizer
By on December 7th, 2010

If you are a Website Optimizer issue, you should immediately update the code on your website with the new one provided by Google. Google has fixed a Cross-Site Scripting (XSS) bug in their control script which can allow an attacker to execute malicious code on your site.

However, according to Google this attack is only possible if your website or browser has been compromised by a separate attack. Google has sent out notes to all users about the issue with instructions on how to update your code. Make sure to do the changes immediately.

Website Optimizer is a part of Google Analytics, however, no other services in Analytics seem to have been affected by this.

Tags: ,
Author: Keith Dsouza Google Profile for Keith Dsouza
I am the editor-in-chief and owner of Techie Buzz. I love coding and have contributed to several open source projects in the past. You can know more about me and my projects by visiting my Personal Website. I am also a social networking enthusiast and can be found active on twitter, you can follow Keith on twitter @keithdsouza. You can click on my name to visit my Google+ profile.

Keith Dsouza has written and can be contacted at keith@techie-buzz.com.
  • Matt

    Keith,

    Thanks for the update. Your readers may be interested in a simple Google Optimizer Code checker at

    http://www.observepoint.com/optimizer-test.php

    You just enter the URL of the page in question, and it will tell you whether the google website optimizer code is up-to-date, and if it needs to be edited, it will tell you what to change and where to change it.

 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN