Two Indian Security Researchers Aditya Gupta (@adi1391) and Subho Halder (@sunnyrockzzs) have found a serious Cross Site Scripting vulnerability in one of the most famous social networking websites Tumblr.
This could be used to steal the cookies of the authenticated user, as well as could be used to make a worm, like the one seen in MySpace (Samy Worm) and Orkut (Bom Sabado) earlier.
"We have also tried to contact them via Twitter and mail earlier, but no response from their side. So we have decided to release it. Well, not exactly, where the vulnerability is, but just to let them know that it is vulnerable."