2000-02-04 05:00:00
mitre
PUBLISHED
Hotmail does not properly filter JavaScript code from a users mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.