Yahoo! Messenger Notification Message HTML Injection Vulnerability
An attacker can exploit this issue with a Yahoo! Messenger client application. The following proof of concept is available:

1. Firstname: example example example example ? (as long as the victim can't see the lastname)
2. Lastname: <img src="javascript:alert('Executed from ' + top.location)" >
3. Request to add the victim ID to your contact list.
4. Once the victim accepts your request, send him a message and change your online status (Available -> Invisible)
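The underlying defect is that profile name fields reach an HTML-rendered notification without output encoding. The following added example (not part of the original advisory and not Yahoo! Messenger code) contrasts an unencoded renderer with an encoded one and adds a check that flags markup in name fields when a contact request arrives; the function names, the `contact` object shape and the notice markup are assumptions made for illustration.

```javascript
// Added illustration: a hypothetical notification renderer, not Yahoo! Messenger code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: remote profile fields are concatenated into markup as-is,
// so a tag stored in the last name becomes part of the notification document.
function renderNoticeUnsafe(contact, status) {
  return '<div class="notice"><b>' + contact.firstName + ' ' + contact.lastName +
         '</b> is now ' + status + '</div>';
}

// Hardened pattern: every value that originates from the remote user is encoded
// at the point of output, so it can only ever be displayed as text.
function renderNoticeSafe(contact, status) {
  return '<div class="notice"><b>' + escapeHtml(contact.firstName) + ' ' +
         escapeHtml(contact.lastName) + '</b> is now ' + escapeHtml(status) + '</div>';
}

// Check for the contact-request stage: report name fields that carry markup
// or a script URI scheme, so the request can be rejected or shown with a warning.
function flagProfile(contact) {
  const reasons = [];
  for (const field of ['firstName', 'lastName']) {
    const value = String(contact[field] || '');
    if (/[<>]/.test(value)) reasons.push(field + ': markup characters');
    if (/javascript\s*:/i.test(value)) reasons.push(field + ': script URI scheme');
  }
  return reasons;
}

// Sample profile built from the field values in the proof of concept above.
const sampleProfile = {
  firstName: 'example example example example',
  lastName: `<img src="javascript:alert('Executed from ' + top.location)" >`,
};

console.log(renderNoticeUnsafe(sampleProfile, 'Invisible'));
console.log(renderNoticeSafe(sampleProfile, 'Invisible'));
console.log(flagProfile(sampleProfile));
```

Encoding at output is the fix; the `flagProfile` check is a secondary control that surfaces a suspicious request before the contact is accepted.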