I added a vector to the list found by Sec-Consult out of Austria. They found a hole in Yahoo using CDATA obfuscation in XML.

This entry was posted on Thursday, January 1st, 1970 at 12:00 am and is filed under XSS, Webappsec. You can leave a response as well.