Persistent XSS – Yahoo Mail Inbox


Unexpected Persistent XSS in Yahoo Mail Inbox

This one affected the mobile version: https://mg.mail.yahoo.com/neo/m/launch

Just send an email to the victim with your payload as the content of the email.

Once the victim opens their mail and goes to the Inbox, the code is executed. The severity of this vulnerability lay in the code executing without the victim opening the email you sent.
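An added example, not from the original post and not Yahoo's code: the write-up does not say how the inbox list was built, so this assumes a list row that shows a preview of each message body, and contrasts interpolating that preview into markup with encoding it at output time. All function names and the sample messages are constructed for illustration.

```javascript
// Constructed sample inbox: the second message body carries markup, not text.
const sampleInbox = [
  { from: "alice@example.com", subject: "Lunch?", body: "Are you free at noon?" },
  { from: "mallory@example.com", subject: "Hi", body: '<img src=x onerror="alert(1)">' },
];

const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode untrusted text for an HTML element or quoted-attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Cut the raw text first; cutting after encoding could split an entity.
function preview(body, max = 60) {
  const text = String(body);
  return text.length > max ? text.slice(0, max) + "..." : text;
}

// Vulnerable list row (hypothetical): message fields are interpolated straight
// into markup, so the body preview is parsed as HTML when the list is shown.
function renderRowUnsafe(msg) {
  return `<li><b>${msg.from}</b> <span>${msg.subject}</span> <em>${preview(msg.body)}</em></li>`;
}

// Hardened list row: every message-derived field is encoded at output time.
function renderRowSafe(msg) {
  return `<li><b>${escapeHtml(msg.from)}</b> <span>${escapeHtml(msg.subject)}</span> ` +
         `<em>${escapeHtml(preview(msg.body))}</em></li>`;
}

// Regression check: a row must contain exactly the tags of the empty template.
function introducesMarkup(render, msg) {
  const countTags = (html) => (html.match(/</g) || []).length;
  const empty = { from: "", subject: "", body: "" };
  return countTags(render(msg)) !== countTags(render(empty));
}

for (const msg of sampleInbox) {
  console.log(msg.from, "unsafe:", introducesMarkup(renderRowUnsafe, msg),
              "safe:", introducesMarkup(renderRowSafe, msg));
}
```

The list view is an output sink in its own right: sanitizing only the full message view leaves the preview, sender and subject fields in the list unprotected.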


Unexpected, Right?


Timeline:

Nov 11th 2015: Vulnerability reported

Nov 11th 2015: Report triaged

Nov 21st 2015: Resolved

Thanks

 
