うわっ！はせがわさん、すげぇ。Full-disclosure書いてるし。

• XSS using Atom feed in www.ibm.com - 葉っぱ日記の件、Atom や RDF を利用したXSS - 葉っぱ日記のお話

A Japanese security researcher has alleged that an Atom format syndication feed on IBM.com was at risk from an XSS attack. The flaw would only have been exploitable for users of Microsoft's Internet Explorer version 6 and has apparently been fixed.

Security researcher Yosuke Hasegawa told InternetNews.com that he reported the flaw to IBM through the IPA/ISEC. He said IBM replied on Aug. 30 saying the issue had been corrected.