Valve Fixes Security Flaws In Steam Community
The Steam Community site was deemed unsafe due to an XSS (cross-site scripting) exploit that redirects users to a fake or phishing site and compromises Steam users' accounts. There’s a chance that users might lose their Steam Wallet funds from this vulnerability.
A post on the Steam subreddit warns users of what the exploit does and advises them against clicking on Steam profile links. According to the post, the exploit can:
- Redirect you to any non-Steam page, for example a phishing login page. From a user perspective it is you going to a legitimate Steam profile, then you see a login page.
- Utilize scripting to use your Steam Market funds on any item the malicious user chooses; you wouldn’t even need to confirm anything as you’re on a valid login session.
- Manipulate elements on the page as they see fit.
The good news is that the issue has been fixed by Valve.