Google Website Optimizer Security Issue
The Google Website Optimizer team announced this week that there is a potential security issue with Website Optimizer. In essence, the vulnerability would allow an attacker to execute malicious code on your site using a Cross-Site Scripting (XSS) attack, but only if the website or browser had already been compromised by a separate attack. Google says that the probability of the attack is low, but that you should take the necessary action to protect your site from it.
Google has fixed the bug, and any new experiments created on or after December 3, 2010 are not vulnerable. But if you have any experiments that were created before December 3rd, whether they are running, paused or stopped, you will need to update the code.
Google has given two options for updating your code, both described in the official Google Website Optimizer blog post titled "Update Your Website Optimizer scripts to secure your site". Your choices are to either stop your experiments and create new ones, or update the code on your running experiments directly. Google states that creating a new experiment is the simpler of the two options.