Vulnerabilities > CVE-2007-0768 - HTML Injection vulnerability in Yahoo! Messenger Notification Message
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. Access Complexity: Successful exploitation requires that the attacker is in the messenger list of the target.
Vulnerable Configurations
Exploit-Db
description | Yahoo! Messenger 8.0 Notification Message HTML Injection Vulnerability. CVE-2007-0768 . Dos exploit for windows platform |
id | EDB-ID:29531 |
last seen | 2016-02-03 |
modified | 2007-01-26 |
published | 2007-01-26 |
reporter | Hai Nam Luke |
source | https://www.exploit-db.com/download/29531/ |
title | Yahoo! Messenger <= 8.0 Notification Message HTML Injection Vulnerability |