XSS Exploit found on Apple iTunes site… again
Update: Apple has fixed the exploit. The link below is preserved for posterity but no longer displays anything abnormal.
Here’s a relatively harmless variation of the XSS-capable URL; it iframes Google.com:
It doesn’t take much effort to do your own version. Anyway, let’s hope Apple fixes this quickly.
Attached are a few more screenshots of links sent in by tipster “WhaleNinja” (great name, by the way).