The H – (International) Critical security vulnerability at Amazon fixed. The Amazon Web site has fixed a cross-site scripting vulnerability which could have been used to inject malicious JavaScript code which allows 3rd-party access to various elements of a user’s account, including the shopping cart, history, name, and email address associated with the account.
Source: http://www.h-online.com/security/news/item/Critical-security-vulnerability-at-Amazon-fixed-1787328.html
