A security vulnerability in Yahoo Mail was fixed last week. The flaw allowed an attacker to read a victim’s email or create a virus infecting Yahoo Mail accounts, among other things. The attack required the victim to view an email sent by the attacker. No further interaction (such as clicking on a link or opening an attachment) was required. How it was found As the anniversary of last year’s Yahoo
![Yahoo Mail stored XSS #2 | Klikki](https://cdn-ak-scissors.b.st-hatena.com/image/square/87814587bd0f31b296c20d46b61749ba0fadeeaa/height=288;version=1;width=512/http%3A%2F%2Fklikki.fi%2Fwp-content%2Fuploads%2F2022%2F02%2Fyahoo-attachment-options.png)