

XSS in TweetDeck - PaulSec
https://twitter.com/__Freakyclown__/status/476749163020161024

======
Shank
It works in the Chrome client and the Windows client apparently; viewing any
tweet with script tags in either client results in that script running.

------
JonoBB
Confirmed that this works in Linux Chrome. How is it possible that this has
not been picked up before? Or is it a new vulnerability?

~~~
PaulSec
Nothing new in my opinion. I don't understand how it has been unknown for such
a long time.

~~~
passfree
It is unknown because nobody checked. Why nobody checked? Because it is too
simple so nobody thought that it will work until now.

