Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

AOL Instant Messenger URL refresh Tag XSS



The remote AOL Client may be coerced into running arbitrary HTML code


The remote host is running AOL Instant Messenger (AIM). AIM is prone to an issue that may allow maliciously crafted HTML to perform unauthorized actions (such as adding entries to the buddy list) on behalf of the user of a vulnerable client. This condition is due to how the client handles aim: URIs. These actions will be taken without prompting or notifying the user. This issue was reported for versions of AIM running on Microsoft Windows and MacOS. The Linux version of this client is not affected.


Upgrade to the latest version of AOL Instant Messenger.