Vulnerabilities > CVE-2007-0768 - HTML Injection vulnerability in Yahoo! Messenger Notification Message

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
yahoo
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. Access Complexity: Successful exploitation requires that the attacker is in the messenger list of the target.

Exploit-Db

descriptionYahoo! Messenger 8.0 Notification Message HTML Injection Vulnerability. CVE-2007-0768 . Dos exploit for windows platform
idEDB-ID:29531
last seen2016-02-03
modified2007-01-26
published2007-01-26
reporterHai Nam Luke
sourcehttps://www.exploit-db.com/download/29531/
titleYahoo! Messenger <= 8.0 Notification Message HTML Injection Vulnerability