Google today emailed all their Website Optimiser and Google Adwords users informing them of a potential security issue with Website Optimiser. Apparently attackers found a vulnerability in the Website Optimiser Control Script. As explained on the email: an attacker might be able to execute malicious code on your site using a Cross-Site Scripting (XSS) attack. This attack can only take place if a website or browser has already been compromised by a separate attack. While the immediate probability of this attack is low, we urge you to take action to protect your site.The bug is now fixed, and all new experiments are not susceptible. However, any experiments you are currently running need to be updated to fix the bug on your site. Additionally, if you have any Website Optimiser scripts from paused or stopped experiments created before 3 December 2010, you will need to remove or update that code as well! You can find out more on the official blog.