Google Patches XSS Vulnerability in Website Optimizer

If you are a Website Optimizer issue, you should immediately update the code on your website with the new one provided by Google. Google has fixed a Cross-Site Scripting (XSS) bug in their control script which can allow an attacker to execute malicious code on your site.

However, according to Google this attack is only possible if your website or browser has been compromised by a separate attack. Google has sent out notes to all users about the issue with instructions on how to update your code. Make sure to do the changes immediately.

Website Optimizer is a part of Google Analytics, however, no other services in Analytics seem to have been affected by this.

Published by

Keith Dsouza

I am the editor-in-chief and owner of Techie Buzz. I love coding and have contributed to several open source projects in the past. You can know more about me and my projects by visiting my Personal Website.I am also a social networking enthusiast and can be found active on twitter, you can follow Keith on twitter @keithdsouza. You can click on my name to visit my Google+ profile.

  • Matt


    Thanks for the update. Your readers may be interested in a simple Google Optimizer Code checker at

    You just enter the URL of the page in question, and it will tell you whether the google website optimizer code is up-to-date, and if it needs to be edited, it will tell you what to change and where to change it.