2003-04-02 05:00:00
mitre
PUBLISHED
Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.