Cross-Site Scripting Vulnerabilities in Yahoo! Messenger
CVE-2007-0768

Currently unrated

Key Information:

Vendor: Yahoo
Status: Messenger
Vendor: CVE Published:; 6 February 2007

What is CVE-2007-0768?

Multiple cross-site scripting (XSS) vulnerabilities exist within the Contact Details feature of Yahoo! Messenger versions 8.1.0.209 and earlier. These vulnerabilities could allow user-assisted remote attackers to exploit the application by injecting arbitrary web scripts or HTML through the 'src' attribute of an image (IMG) element, specifically manipulating fields such as First Name, Last Name, and Nickname. This issue highlights the importance of proper input validation and sanitization within web applications to mitigate potential threats.

References

http://www.securityfocus.com/bid/22269

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/458225/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/458305/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2007
Vulnerability Reserved
Feb 5, 2007

CVE-2007-0768 Data

JSON