XSS Flaw discovered in Skype's Shop, user accounts targeted

Summary: The independent security researcher Ucha Gobejishvili has detected a cross site scripting (XSS) vulnerabilities affecting shop.skype.com and api.skype.com.

By Dancho Danchev for Zero Day | February 24, 2012 -- 02:10 GMT (18:10 PST)

Follow @danchodanchev

The independent security researcher Ucha Gobejishvili has detected a cross site scripting (XSS) vulnerabilities affecting shop.skype.com and api.skype.com.

Upon successful exploitation the vulnerability allows an attacker to hijack cookies via required user interaction, leading to complete session hijacking and stealing of the account.

Skype has been informed of the vulnerabilities and is currently investigating.

Topics: Social Enterprise, Collaboration, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment

Log in or register to join the discussion

XSS Flaw

If I remember exactly similar XSS flaws were discovered on the same site section a few months ago.

Sources based on xssed.com

computer112

26 February, 2012 11:39

Reply Vote

The best of ZDNet, delivered

White Papers, Webcasts, & Resources

Electrical Efficiency Measurement for Data Centers

This paper explains how data center efficiency can be measured, evaluated, and modeled, including a comparison of the benefits of periodic assessment vs. continuous monitoring.
Proven Value with the Oracle Database Appliance

For databases supporting business-critical operations, more and more mid-sized companies are turning to appliances - such as the Oracle Database Appliance. This executive brief highlights the data management challenges a California-based organization faced. Learn more now.
Delivering Worry-Free Storage

Learn how IBM's new features for low-end storage systems can increase efficiency, protect the data storage environment, and drive a lower total cost of ownership.