Yahoo Sites Impacted by XSS Flaw in Comments Section

Cyber Security News, Information, Tips and Hacks

Yahoo has addressed a cross-site scripting (XSS) flaw that, prior to May 2, existed in the commenting platforms utilized by most of its services, including travel, food, tech, security, news, TV, music, shopping and weather.

An XSS flaw existing in the comments section of most Yahoo sites was fixed in early May.

The vulnerability – which could enable information theft by simply posting a piece of code into the comments sections of the aforementioned Yahoo websites – was discovered by Behrouz Sadeghipour, an independent researcher known for hunting down bugs in popular services.

“An attacker could inject a malicious script, which could be used to obtain session tokens, cookies and other sensitive information stored in the users’ browser that is associated with Yahoo,” Satnam Narang, a Symantec researcher familiar with XSS flaws, told SCMagazine.com on Monday.

In a Friday post containing proof-of-concept videos, Sadeghipour is shown posting a…
