2005-11-16 21:17:00
mitre
PUBLISHED
Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a users buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL.