AOL Instant Messenger URL refresh Tag XSS
Medium Nessus Network Monitor Plugin ID 1247
Synopsis: The remote AOL Client may be coerced into running arbitrary HTML code.
Description: The remote host is running AOL Instant Messenger (AIM). AIM is prone to an issue that may allow maliciously crafted HTML to perform unauthorized actions (such as adding entries to the buddy list) on behalf of the user of a vulnerable client. This condition is due to how the client handles aim: URIs. These actions will be taken without prompting or notifying the user. This issue was reported for versions of AIM running on Microsoft Windows and MacOS. The Linux version of this client is not affected.
Solution: Upgrade to the latest version of AOL Instant Messenger.