XSS Flaw discovered in Skype's Shop, user accounts targeted

The independent security researcher Ucha Gobejishvili has detected a cross site scripting (XSS) vulnerabilities affecting shop.skype.com and api.skype.com.

The independent security researcher Ucha Gobejishvili has detected a cross site scripting (XSS) vulnerabilities affecting shop.skype.com and api.skype.com.

Upon successful exploitation the vulnerability allows an attacker to hijack cookies via required user interaction, leading to complete session hijacking and stealing of the account.

Skype has been informed of the vulnerabilities and is currently investigating.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All