WHID 2006-35: Yahoo mail XSS in CSS expression keyword

Yahoo mail does not filter properly the CSS "expression" keyword when it includes a comment that is encoded.

Additional information:

Yahoo! Mail XSS Vulnerability [Cheng Peng Su, Apr 21 2006]

Attack Method:

Cross Site Scripting (XSS)

Incident Outcome:

Disclosure Only

Add new comment