Yahoo! Mail has patched a stored cross-site scripting (XSS) vulnerability and awarded a researcher $10,000 for finding the flaw.
There are currently no known exploits for this vulnerability.
In a blog post, the researcher explains that the bug is based on the fact that certain malformed HTML code can pass through Yahoo! Mail’s filters. More specifically, Pynnonen found that he could insert unrestricted HTML attributes in tags that allow a “boolean” attribute, which he could exploit to execute malicious code.
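On the defensive side, the following added example (not Yahoo!'s filter and not the researcher's code) shows one way a mail HTML filter can close off this class of problem: it rebuilds every tag from parsed attribute pairs and writes boolean attributes bare, so nothing attached to one reaches the output. The allowlist, the names `Rebuilder` and `sanitize`, and the sample input are assumptions constructed for this example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this example: tag -> attributes the filter lets through.
ALLOWED = {"p": set(), "b": set(), "a": {"href"},
           "input": {"type", "name", "value", "checked", "disabled"}}
BOOLEAN = {"checked", "disabled"}   # presence is the whole meaning; no value needed
VOID = {"input"}                    # elements with no end tag
SAFE_SCHEMES = ("http://", "https://", "mailto:")

class Rebuilder(HTMLParser):
    """Builds output from parsed (name, value) pairs, never from raw input text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return                                  # unknown tag: drop it
        parts, seen = [tag], set()
        for name, value in attrs:                   # names arrive lowercased
            if name not in ALLOWED[tag] or name in seen:
                continue                            # not allowlisted, or a duplicate
            seen.add(name)
            if name in BOOLEAN:
                parts.append(name)                  # bare form; supplied value is discarded
            elif name == "href" and not (value or "").lower().startswith(SAFE_SCHEMES):
                continue                            # drop script-capable URL schemes
            else:
                parts.append(f'{name}="{escape(value or "", quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(markup):
    parser = Rebuilder()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

# Constructed sample: a boolean attribute carrying a value, plus an unlisted attribute.
SAMPLE = '<INPUT TYPE="checkbox" CHECKED="anything at all" NAME="box" ONMOUSEOVER="f()">'
```

Because the output is assembled only from allowlisted names and re-escaped values, malformed source text is never copied through verbatim.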
On December 26th, 2015, the researcher reported the vulnerability to Yahoo! Mail via its HackerOne bug bounty program, which announced last summer that it had awarded $1 million to researchers over the course of a year.
Yahoo! Mail fixed the vulnerability on January 6th and awarded Pynnonen $10,000 for his discovery. This is more than what some researchers have received in the past for their submissions to the second-largest email service’s bug bounty program.