Koo, Indian Twitter Alternative, Found Vulnerable to Critical Worm Attacks

This article has been indexed from Softpedia News / Security

A security flaw in Koo’s platform was uncovered, allowing attackers to run malicious JavaScript code against its users, according to The Hacker News. To keep the exploit from spreading, the platform patched the vulnerability. When security researcher Rahul Kankrale discovered the problem, Koo immediately responded by rolling out a remedy the next day.

The Koo platform contained a stored cross-site scripting vulnerability (also known as persistent XSS), a class of flaw that allows malicious scripts to be injected directly into the compromised web application. The attack was initiated with XSS-encoded payloads, and anyone who encountered the message was in danger.

Cross-site scripting allows an attacker to perform activities on behalf of users who have the same privileges as the attacker while stealing web browser secrets such as authentication cookies from the victim’s computer….
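The stored XSS pattern and the cookie exposure described above, shown from the defender's side as an added example (not code from Koo or from the original article). The in-memory post store, the function names and the sample posts are all hypothetical and constructed for illustration.

```javascript
// Toy in-memory post store (hypothetical; stands in for a database).
const posts = [];

// Stored XSS begins here: user text is persisted verbatim.
function savePost(author, text) {
  posts.push({ author, text });
}

// Vulnerable render: stored text is concatenated into markup as-is, so any
// tags it carries become live markup for every user who views the post.
function renderUnsafe(post) {
  return `<div class="post"><b>${post.author}</b>: ${post.text}</div>`;
}

// Encode the HTML-significant characters for element-content and
// quoted-attribute contexts. A single pass avoids double-encoding "&".
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened render: encode every user-controlled field at output time,
// regardless of how the text was encoded or filtered on the way in.
function renderSafe(post) {
  return `<div class="post"><b>${escapeHtml(post.author)}</b>: ${escapeHtml(post.text)}</div>`;
}

// Defence in depth for the cookie-theft risk: HttpOnly keeps the session
// cookie out of reach of page scripts (document.cookie).
function sessionCookie(token) {
  return `session=${encodeURIComponent(token)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Response header that refuses inline scripts even if encoding is missed somewhere.
const CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

function renderFeed(render) {
  return posts.map(render).join('\n');
}

// Constructed sample posts: one carries an inert marker tag, one is ordinary text.
savePost('mallory', '<script>/* constructed marker */</script>');
savePost('alice', 'Tom & Jerry say "hi"');

console.log('unsafe:\n' + renderFeed(renderUnsafe));
console.log('safe:\n' + renderFeed(renderSafe));
console.log('Set-Cookie: ' + sessionCookie('constructed-token'));
console.log('Content-Security-Policy: ' + CSP_HEADER);
```

Output encoding is the primary fix; the cookie flags and the Content-Security-Policy header limit the damage if one render path is missed.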
