Persistent XSS – Yahoo Mail Inbox
Unexpected Persistent XSS in Yahoo Mail Inbox
This one affected the mobile version: https://mg.mail.yahoo.com/neo/m/launch
Just send an email to the victim and make the content of the email your payload.
Once the victim opens his email and goes to the Inbox, the code is executed. The severity of this vulnerability was that the code executed without the victim opening the email you sent.
Unexpected, Right?
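The sketch below is an added example, not Yahoo's code and not part of the original post. It shows why the inbox list is an output context of its own: a row builder that concatenates sender-controlled text into markup, beside one that escapes it at the point of output. It assumes the list view inserted the subject and body preview without encoding, which the post does not state; all function names and the sample message are hypothetical.

```javascript
// Added example: inbox-list row rendering, unsafe vs. escaped.
// escapeHtml, previewSnippet and renderInboxRow* are hypothetical names.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Collapse whitespace and cut the body down to a short preview.
// Truncate BEFORE escaping so an entity such as &lt; is never cut in half.
function previewSnippet(body, maxChars = 60) {
  const flat = String(body).replace(/\s+/g, ' ').trim();
  return flat.length > maxChars ? flat.slice(0, maxChars) + '…' : flat;
}

// Unsafe: sender-controlled fields are concatenated into markup as-is,
// so the browser parses them as HTML as soon as the inbox list is drawn.
function renderInboxRowUnsafe(msg) {
  return '<li class="row"><span class="subject">' + msg.subject + '</span>' +
         '<span class="preview">' + previewSnippet(msg.body) + '</span></li>';
}

// Hardened: every sender-controlled field is escaped where it is written out.
function renderInboxRow(msg) {
  return '<li class="row"><span class="subject">' + escapeHtml(msg.subject) + '</span>' +
         '<span class="preview">' + escapeHtml(previewSnippet(msg.body)) + '</span></li>';
}

// Constructed sample message with harmless markup in both fields.
const sample = { subject: 'Hi <b>there</b>', body: 'Line one\n<i>line two</i> & more' };

console.log(renderInboxRowUnsafe(sample)); // markup from the message survives
console.log(renderInboxRow(sample));       // markup is shown as text
```

Sanitizing only the opened-message view leaves the list view exposed, which is why the escaping sits in the row builder itself.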
Timeline:
Nov 11th 2015: Vulnerability reported
Nov 11th 2015: Report triaged
2015: Resolved
Thanks