Wednesday, October 29, 2008

XSS Vulnerability in Yahoo HotJobs

A cross-site scripting (XSS) issue reportedly found in Yahoo HotJobs has been fixed, according to SC Magazine. Details of the vulnerability, which could allow an attacker to steal authentication cookies for Yahoo accounts, are on the Netcraft blog.

Netcraft said the attack would allow a broswer session to be hijacked and, with it, cookies that access Yahoo accounts, such as e-mail.

Yahoo recommended that concerned users change their passwords and verify they are signing into Yahoo with their Sign-in Seal.


Post a Comment

<< Home