Yahoo mail was found to be vulnerable to onload event handlers inside of style tags. This attack is not explicitly described on my XSS page, because every variant of every event handler inside every HTML tag would end up making my page hundreds of times longer. I try to keep my page as brief and information packed as possible, but this is worth noting.

This entry was posted on Thursday, January 1st, 1970 at 12:00 am and is filed under XSS, Webappsec. You can leave a response as well.