Skype Disputes Severity of XSS Vulnerability


Skype disputes the severity of a new cross-site scripting vulnerability identified in its VoIP client and claims that it cannot be used to do more than change the appearance of text.

The vulnerability was discovered by an Armenian security researcher named Levent Kayan, aka noptrix, who recently identified similar flaws in instant messaging clients.

"Skype suffers from a persistent code injection vulnerability due to a lack of input validation and output sanitization of following profile entries: home, office, mobile," the researcher explains in his advisory.
Skype Disputes Severity of XSS Vulnerability - Softpedia
