Skype disputes the severity of a new cross-site scripting vulnerability identified in its VoIP client and claims that it cannot be used to do more than change the appearance of text.
The vulnerability was discovered by an Armenian security researcher named Levent Kayan, aka noptrix, who recently identified similar flaws in instant messaging clients.
"Skype suffers from a persistent code injection vulnerability due to a lack of input validation and output sanitization of following profile entries: home, office, mobile," the researcher explains in his advisory.
