Facebook “Reset Password” XSS Flaw

January 3, 2009 – 5:42 PM

DaiMon has once more discovered a new critical cross-site scripting vulnerability that affects the Facebook “Reset Password” page. Malicious users can inject code to phish credentials and other sensitive personal information from millions of Facebook members.

We hope that this serious flaw gets fixed quickly, as is usually the case with security flaws in Facebook.


3 Responses to “Facebook “Reset Password” XSS Flaw”

  1. I don’t know the code

    By lance on Sep 8, 2009

  2. I’m pretty sure this was fixed a while ago.

    By manunkind on Sep 9, 2009

  3. Reset my password

    By syed Misri shah on Jun 6, 2012
