Net security firm Finjan Software, said it informed Microsoft last week of a cross-site scripting vulnerability on the site which could potentially be exploited to gather personal and confidential information from visitors to the site.

The phishing routine could possibly scan details such as email address, home address, credit card number from consumers wishing to pre-order Microsoft's new gaming console, the firm said.

The firm said it handed Microsoft details of the vulnerability last Thursday, May 19th 2005.

The Vole was able to patch the hole within 12 hours, Finjan said. µ

L'INQs
www.xbox360.com
Finjan