VULHUB ™

Yahoo! Messenger is prone to a cross-site scripting vulnerability via IMVironment error dialogs. This may occur when a 'ymsgr' URI specifies an invalid IMVironment that includes hostile HTML and script code. This could permit various attacks since the attacker may execute hostile script code in the context of the client. Consequences include exposure of Yahoo messenger IDs and encoded credentials. It should also be noted that this issue could potentially be exploited to corrupt IMVironment data, causing the client to not function properly.

Yahoo! Messenger is prone to a cross-site scripting vulnerability via IMVironment error dialogs. This may occur when a 'ymsgr' URI specifies an invalid IMVironment that includes hostile HTML and script code. This could permit various attacks since the attacker may execute hostile script code in the context of the client. Consequences include exposure of Yahoo messenger IDs and encoded credentials. It should also be noted that this issue could potentially be exploited to corrupt IMVironment data, causing the client to not function properly.