Microsoft is investigating multiple bugs in classic Outlook causing sync and connection failures, including EWS-related group creation errors when connecting to Exchange, authentication issues with Gmail/Yahoo accounts, and a disappearing mouse pointer issue affecting multiple Microsoft 365 apps. Temporary workarounds are provided pending official fixes.
Researcher found three vulnerabilities at Yahoo's Brightroll service: two RCEs via JSON injection in a message queue system (bypassing command filters using Unicode escapes), and an SSRF vulnerability in image resizing that allowed arbitrary file reads via curl flag injection. The third vulnerability was nearly an RCE but limited to file disclosure without execution.
Security researcher discovered an SSRF vulnerability in Yahoo! Guesthouse by finding a SAML endpoint through recon, then exploiting the BouncerSAMLRemoteSessionHost cookie which accepted arbitrary hostname values, causing the backend to make requests to attacker-controlled servers.
A reflected XSS vulnerability was discovered in Yahoo's movies subdomain (yahoo.com/movies/film/ and ca.yahoo.com/movies/film/) using a script-breaking payload that escapes into JavaScript execution context, resulting in a $700 total bounty from HackerOne.
A reflected XSS vulnerability was discovered on Yahoo's main domain (www.yahoo.com) in the /author/ endpoint, where user input was reflected without proper sanitization, allowing arbitrary JavaScript execution via a simple payload containing script tags.
A researcher chained two XSSi (Cross-Site Script Inclusion) vulnerabilities at Yahoo to steal user account information by extracting a valid crumb token from a dynamic JavaScript file and using it in a JSONP endpoint request, earning a $750 bounty.
Researcher discovered a reflected XSS vulnerability on Yahoo's hkfood subdomain via a search parameter, initially exploited with a basic payload, then bypassed the fix using a tag fragmentation technique (<scr<script>ipt>) to break filter detection.
A stored XSS vulnerability was found in Yahoo News comments section using image tag payload variations. The researcher earned $2000 total bounty for reporting and resolving the issue within 11 days.
A stored XSS vulnerability was found in Yahoo's comment functionality across all domains, exploitable via a payload that bypasses filter mechanisms. The researcher received $1500 in total bounty after responsible disclosure.
A reflected XSS vulnerability was discovered on Yahoo Finance's mobile version via the /quote/ endpoint. The attacker bypassed filters that converted lowercase characters to uppercase by using HTML entity encoding (e.g., the character entity for 'a') and successfully executed JavaScript.
A researcher discovered a $900 XSS vulnerability on Yahoo through extensive reconnaissance of deep subdomain levels, leveraging directory enumeration and the Knoxss XSS discovery service to find a private WebPageTest instance and exposed PHP endpoints.