Security researcher Nir Goldshlager has uncovered vulnerabilities in Twitter and Google Calendar.

"Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs," writes eWeek's Brian Prince. "He also uncovered an HTML injection issue affecting Google Calendar as well that he said could be used to redirect a victim to an attack site any time the user viewed his or her Google Calendar agenda events."

"Twitter issued a fix for the issue Dec. 30, and Google told eWeek Dec. 31 it would examine the input validation process for the Google Calendar field to help address the situation," Prince writes.

Click here to read the eWeek story.