Yahoo! Instant Messenger Script Injection Vulnerability

Yahoo! Messenger is the main instant messaging client used on the Yahoo! network.

It is possible to use a URL beginning with ymsgr:addview? to point the Yahoo! Messenger to a web page containing script that will in turn be rendered by the instant messenger. If this page contains Javascript or Visual Basic Script, the script will be executed by the Yahoo! Instant Messenger.


 

Privacy Statement
Copyright 2010, SecurityFocus