I recently began running some testing and discovered that when Yahoo's RSS Aggregator allows a person to add an RSS feed to It?s website, it doesn't properly check the XML file to make sure it doesn't contain possibly malicious code.

Full Document: http://www.alljer.com/yahoorssxss.htm

A malicious...

[ more ]