WHID 2006-5: Hotmail XSS (1)

Hotmail's filtering engine does not sufficiently filter JavaScript. It is possible to place JavaScript in the BGCOLOR attribute of the BODY tag, using CSS, and it executes when the email is viewed. The JavaScript must be Unicode-encoded in order to fool the filter; this encoding is recognized by IE >= 6.
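The class of failure described above, as an added Python example that is not Hotmail's code: a keyword check on the undecoded attribute text beside an allow-list check applied after decoding. The entry does not say which Unicode encoding was used, so HTML character references and CSS hex escapes are assumptions here, and the function names and sample values are constructed and inert.

```python
import html
import re

# Allow-list (constructed for this example): a few named colors plus #rgb / #rrggbb.
NAMED_COLORS = {"black", "white", "red", "green", "blue", "gray", "silver", "yellow"}
HEX_COLOR = re.compile(r"#(?:[0-9a-f]{3}|[0-9a-f]{6})\Z")
# CSS escape: backslash, 1-6 hex digits, one optional trailing whitespace character.
CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\r\n\f]?")


def _css_char(match):
    """Turn one CSS hex escape into its character (U+FFFD if out of range)."""
    code_point = int(match.group(1), 16)
    if code_point == 0 or code_point > 0x10FFFF:
        return "\ufffd"
    return chr(code_point)


def naive_blacklist_allows(raw):
    """Weak filter: looks for a keyword in the undecoded attribute text."""
    return "script" not in raw.lower()


def safe_bgcolor(raw):
    """Decode the value the way a renderer might, then accept only known colors.

    Returns the canonical color to emit, or None if the attribute must be dropped.
    """
    decoded = CSS_ESCAPE.sub(_css_char, html.unescape(raw))
    value = decoded.strip().lower()
    if value in NAMED_COLORS or HEX_COLOR.match(value):
        return value
    return None


# Constructed, inert sample values (not taken from the incident).
SAMPLES = [
    "#FFF",                      # plain hex color
    "&#x72;ed",                  # "red" with one character reference
    "java&#115;cript:void(0)",   # keyword hidden by a character reference
    "java\\73 cript:void(0)",    # keyword hidden by a CSS hex escape
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), naive_blacklist_allows(sample), safe_bgcolor(sample))
```

The sanitizer emits the canonical value returned by `safe_bgcolor`, never the original attribute text, so nothing the browser could decode differently survives.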

Additional information:

Incident Outcome: