WHID 2006-24: Hotmail XSS (2)

The $a variable in Hotmail's inbox is vulnerable to cross site scripting vulnerability. Exploit requires the victim to open the email message.

Additional information:

• Hotmail Cross Site Scripting [Simo Ben Youssef, Feb 20 2006]