2006-09-25 01:00:00
mitre
PUBLISHED
Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.