Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T07:46:54.655Z

Reserved: 2008-01-24T00:00:00

Link: CVE-2008-0454

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2008-01-25T01:00:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-0454

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.