[24865] in bugtraq
JS embedding @ yahoo.com
daemon@ATHENA.MIT.EDU (Alan McCaig)
Thu Mar 28 17:12:29 2002
Date: 28 Mar 2002 11:48:25 -0000
Message-ID: <20020328114825.3978.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Alan McCaig <alanmccaig@yahoo.co.uk>
To: bugtraq@securityfocus.com
Any user can embed JavaScript into their Yahoo
profiles. When the user chooses to change his picture
and then selects "point to a photo on the Web", they can
then embed JavaScript on the end of the URL. An
example of this can be viewed here:
http://uk.profiles.yahoo.com/embeddedjs
This has been active for a while now and Yahoo has
still taken no action to fix it.
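
Added example, not part of the original post and not Yahoo's code: one way a profile service can validate a user-supplied photo URL and escape it before writing it into the page. It assumes the URL ends up inside a quoted `<img src="...">` attribute, which the post does not state; the function names and the default avatar path are hypothetical.

```javascript
// Added example: server-side handling of a "point to a photo on the Web" URL.
// Assumption: the value is rendered inside a double-quoted <img src> attribute.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const DEFAULT_AVATAR = "/static/default-avatar.png"; // hypothetical path

// Escape the characters that can end a quoted attribute or start markup.
function escapeAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Returns the normalized URL, or null when the input must be rejected.
function validatePhotoUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return null;
  // Reject whitespace, control characters, quotes, backticks and angle
  // brackets up front: none of them belongs in a photo URL, and they are
  // what lets trailing text escape the attribute.
  if (/[\u0000-\u0020\u007f"'<>`]/.test(raw)) return null;
  let u;
  try {
    u = new URL(raw);
  } catch {
    return null; // not an absolute, parseable URL
  }
  // Scheme allow-list: javascript:, data:, vbscript: and the rest are refused.
  if (!ALLOWED_SCHEMES.has(u.protocol)) return null;
  // Embedded credentials have no place in a public image link.
  if (u.username || u.password) return null;
  return u.href;
}

// Validate first, then escape for the attribute context anyway (defence in depth).
function renderProfilePhoto(raw) {
  const url = validatePhotoUrl(raw);
  return `<img src="${escapeAttr(url === null ? DEFAULT_AVATAR : url)}" alt="">`;
}

// Constructed sample inputs, not taken from the post.
const SAMPLES = [
  "http://example.com/me.jpg",          // accepted
  "https://example.com/p.jpg?a=1&b=2",  // accepted, & escaped on output
  'http://example.com/me.jpg" x="',     // text appended after the URL: rejected
  "javascript:void(0)",                 // non-HTTP scheme: rejected
];
for (const s of SAMPLES) console.log(JSON.stringify(s), "->", renderProfilePhoto(s));
```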