Cross-Site Scripting Vulnerability in Yahoo! Messenger for WAP
CVE-2006-4975

Currently unrated

Key Information:

Vendor: Yahoo
Status: Messenger
Vendor: CVE Published:; 25 September 2006

What is CVE-2006-4975?

Yahoo! Messenger for WAP is susceptible to a cross-site scripting vulnerability that allows attackers to inject arbitrary web scripts or HTML into messages. This occurs when users save messages containing JavaScript, permitting user-assisted remote exploitation through specially crafted URLs. Attackers can exploit this vulnerability to execute scripts in a user's context, potentially leading to data theft or unauthorized actions.

References

http://securityreason.com/securityalert/1626

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/446414/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://advisories.echo.or.id/adv/adv47-theday-2006.txt

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2006
Vulnerability Reserved
Sep 24, 2006

CVE-2006-4975 Data

JSON