| Short Name | CHAT:YIM:XSS |
|---|---|
| Severity | Warning |
| Recommended | No |
| Category | CHAT |
| Keywords | Yahoo Instant Messenger Cross-Site Scripting Vulnerability |
| Release Date | 2007/02/21 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in Yahoo Instant Messenger. Versions 8.1.0.29 and prior are vulnerable. Attackers can inject script into the Last Name field of the chat window, resulting in cross-site scripting.
Yahoo! Messenger is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the context of a victim's Internet Explorer temporary folder. This may help the attacker steal information and launch other attacks. Versions prior to 2.1.0.29 are vulnerable to this issue.